| From: |
"Massimo S." <ecs-isp@2rosenthals.com> |
Full Headers
Undecoded message |
| Subject: |
Re: [eCS-ISP] Let's encrypt |
| Date: |
Mon, 12 Aug 2024 21:18:56 +0200 |
| To: |
eCS ISP Mailing List <ecs-isp@2rosenthals.com> |
|
|---|
Il 12/08/2024 07:54, Dan Napier, MS, CIH, CAC ha scritto:
-- Certified Industrial Hygienist
Certified Asbestos Consultant
Dan Napier, MS, CIH, CAC
92-0614 8/24/24
2520 Artesia Boulevard
Redondo Beach, CA 90278-3210
310-644-1924 x 103
CSLB 773462Massimo,
Some steps are not so easy to see
Step by step
"create a certificate with the chain certificate inside of the .cert, so
you have always the latest chain certificate from Let's Encrypt automatically."
OK I have no idea what to do here. You say create a certificate. COMO VA?
uacme -v new
will not allow connection to the WEB
It installed a key in mptn\etc\ssl\uacme\ but that was all
I appreciate your help, but there is alot left out. apache needs some modules loaded, I think I may be missing some of those. I got rewrite and ssl, but did you load the ssl page from extra too?
Hi,
LoadModule ssl_module modules/ssl.dll
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
SSLPassPhraseDialog builtin
SSLSessionCacheTimeout 300
SSLSessionCache shmcb:X:/temp/ssl_scache(512000)
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSV1.1
SSLHonorCipherOrder on
SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSuite SSL ECDHE-RSA-AES256-GCM-SHA384:TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_AES_256_CCM_8:TLS_DHE_RSA_WITH_AES_256_CCM
SSLUseStapling on
SSLStaplingErrorCacheTimeout 600
SSLStaplingCache shmcb:X:/temp/ssl_cache(512000)
SSLCompression Off
these will make your ssl hosting to get an overall rating of A+
https://www.ssllabs.com/ssltest/analyze.html?d=www.yourwebsite.com
it has been very hard to get A+ rating from this website ;-)
instead about session cache resumption:
Session resumption (caching) No (IDs assigned but not accepted)
i still don't know how to improve this parameter
massimo
On Sunday, August 11, 2024 22:00 PDT, "Massimo S." <ecs-isp@2rosenthals.com> wrote:
hi,
you can find all in my posts here of 23/7/2024 12,20 and 13,30
apache+uacme is explained in details, step by step
massimo
Il 11/08/2024 22:07, Dan Napier, MS, CIH, CAC ha scritto:
> Massimo,
>
> potresti aiutarmi inviando una copia dello script che stai utilizzando per "Let's Encrypt" Sono totalmente
> perso, ma ispirato perché l'hai fatto. Dan Napier dan@cihcsp.com
>
>
>
>
>
>
> --
> Certified Industrial Hygienist
> Certified Asbestos Consultant
>
> Dan Napier, MS, CIH, CAC
> 92-0614 8/24/24
> 2520 Artesia Boulevard
> Redondo Beach, CA 90278-3210
> 310-644-1924 x 103
> CSLB 773462
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message is sent to you because you are subscribed to
the mailing list <ecs-isp@2rosenthals.com>.
To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>
To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
Send administrative queries to <ecs-isp-request@2rosenthals.com>
To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and reply to the confirmation email.
Web archives are publicly available at: http://lists.2rosenthals.com
This list is hosted by Rosenthal & Rosenthal, LLC
P.O. Box 281, Deer Park, NY 11729-0281. Non-
electronic communications related to content
contained in these messages should be directed
to the above address. (CAN-SPAM Act of 2003)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|