
From dehydrated to mod_md, Let’s Encrypt Tool.

Update information      Edit(Nov.16)  Edit2(Nov.30)

   Early this morning, I changed my Let’s Encrypt tool from dehydrated to mod_md. On August 17, Steffen announced “mod_md is available for 2.4.27 VC15”. I did nothing about it, though I became curious, because I was busy and I already used ‘dehydrated’. But the day before yesterday, I found “ACME Support in Apache HTTP Server Project”. So yesterday I decided to use ‘mod_md’.

   At this point, the ‘mod_md’ version is 1.0.0 and Apache is 2.4.28. To the great pleasure of us Windows users, Steffen has already built it for 2.4.28 VC15, and we can download it here. It is easy to use. When you extract mod_md-VC15.zip, you get bin and modules folders. To install, copy the contents of the bin folder to your apache/bin folder and the contents of the modules folder to your apache/modules folder. Only the mod_ssl.so file is overwritten, because this is a patched Apache mod_ssl.

[About the httpd.conf]
   Uncomment and add the next lines.
   LoadModule watchdog_module modules/mod_watchdog.so
   LoadModule md_module modules/mod_md.so

   In my case, I deleted the line Include conf/extra/letsencrypt.conf.

[About the httpd-ssl.conf]
   Add the next lines. See https://github.com/icing/mod_md/wiki and https://httpd.apache.org/docs/trunk/mod/mod_md.html
   MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
   MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
      (replaces the line above, because of “Updating our Subscriber Agreement to v1.2 on November 15, 2017”.)
   MDRenewWindow 80d
   MDRenewWindow 30d
      (The default value is MDRenewWindow 33%, so it’s OK even if you set nothing.)
   ManagedDomain example.com
   MDomain example.com
      (replaces the line above, because of the MDomain directive.)

   You don’t need the ‘SSLCertificateFile’ and ‘SSLCertificateKeyFile’ directives.

   In my case, I deleted the next lines.
   SSLOpenSSLConfCmd ECDHParameters secp384r1 and SSLOpenSSLConfCmd Curves secp384r1.
   I changed ECDSA to RSA for server authentication in the CipherSuite directive because mod_md creates RSA certs by default.

   Restart Apache. mod_md creates an MD folder in ServerRoot.

   Here is the SSL Labs Server Test result at this point:
https://test.o6asan.com/SSL_Server_Test_o6asan_com13.html

Edit(Nov.16):
   The certificate update by mod_md was completed at 16:07:35 UTC on Nov. 8 on the server.
   The module works well. Good job!

Edit2(Nov.30):
   This morning, I found that someone who uses Internet Explorer 11 on Windows 7 couldn’t access my site because of the server cipher suite which I set after changing the tool. A month has passed, OOPS!
   So I added TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 to the httpd-ssl.conf. boo-hoo!!
   Here is the SSL Labs Server Test result at this point:
https://test.o6asan.com/SSL_Server_Test_o6asan_com14.html
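
The breakage in Edit2 can be reproduced offline. The following is an added example, not part of the original post: it models which TLS 1.2 suite a server can negotiate once the certificate key type changes from ECDSA to RSA. The server list and the client offer are constructed sample data (assumptions), and only TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 comes from the post.

```python
# Added example: cipher suite negotiation vs. certificate key type (TLS 1.2).

def auth_type(suite):
    """Return the certificate key type an IANA TLS 1.2 suite name requires."""
    kx_auth = suite.split("_WITH_")[0]      # e.g. "TLS_ECDHE_ECDSA"
    if kx_auth.endswith("_ECDSA"):
        return "ECDSA"
    if kx_auth.endswith("_RSA"):
        return "RSA"
    return None                             # anonymous/PSK suites: not handled

def negotiate(server_suites, cert_key_type, client_suites):
    """First server-preferred suite that fits the certificate key type and
    is offered by the client; None means the handshake fails."""
    offered = set(client_suites)
    for suite in server_suites:
        if auth_type(suite) == cert_key_type and suite in offered:
            return suite
    return None

# Constructed server list (assumption): GCM only, ECDHE key exchange only.
SERVER = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]

# Constructed client offer (assumption) standing in for an older client:
# GCM is offered only with ECDHE_ECDSA or DHE_RSA, never with ECDHE_RSA.
LEGACY_CLIENT = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
]

FIX = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"   # the suite added in Edit2

def report():
    """Negotiation result before the switch, after it, and after the fix."""
    return {
        "ecdsa_cert": negotiate(SERVER, "ECDSA", LEGACY_CLIENT),
        "rsa_cert": negotiate(SERVER, "RSA", LEGACY_CLIENT),
        "rsa_cert_fixed": negotiate(SERVER + [FIX], "RSA", LEGACY_CLIENT),
    }

if __name__ == "__main__":
    for case, suite in report().items():
        print(f"{case:15} -> {suite or 'no common suite (handshake fails)'}")
```

Running the same check against the real client lists you care about before changing the certificate key type catches this kind of lockout on the day of the change.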

o6asan
