https

2020-03-18

• followed instructions at https://wiki.debian.org/LetsEncrypt
• apt install python-certbot-apache
• apt install
• had to change 000-default.conf to bonmot.ca.conf
• had to remove an extra ServerAlias from gay.hfxns.org.conf
• created the cert with:

that LetsEncrypt page says all you need to do is:

 sudo certbot --apache -d <domain> --post-hook "/usr/sbin/service apache2 restart"

 certbot --authenticator standalone --installer apache -dbonmot.ca -dgay.hfxns.org -dperformance.bonmot.ca -dnew.wayves.ca -dwayves.ca --pre-hook "service apache2 stop" --post-hook "service apache2 start"

• To renew: just do: certbot renew
• test with https://www.ssllabs.com/ssltest/
• test with https://whynopadlock.com/