Verbeter de prestaties en beveiliging van uw webserver
Source of certificate:
/usr/local/directadmin/data/users/username/domains/domain.com.key
/usr/local/directadmin/data/users/username/domains/domain.com.cert
/usr/local/directadmin/data/users/username/domains/domain.com.cacert
/usr/local/directadmin/data/users/username/domains/domain.com.cert.combined
Create symlinks with:
ln -sf /path/to/filetolinkto /path/to/linktocreate
Webserver Apache level:
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/server.ca
Controlpanel DirectAdmin level:
/usr/local/directadmin/conf/cakey.pem
/usr/local/directadmin/conf/cacert.pem
/usr/local/directadmin/conf/carootcert.pem
Webserver Nginx level:
when proxy: /etc/httpd/conf/ssl.crt/server.crt.combined
in case being used: /etc/nginx/ssl.crt/server.crt.combined
Mail Transfer Agent Exim level:
/etc/exim.key (private key)
/etc/exim.cert (certificate followed by bundle)
IMAP / POP3 server Dovecot:
in /etc/dovecot/conf/ssl.conf and /etc/dovecot/conf/sni/domain.com.conf
/etc/exim.key
/etc/exim.cert
in my setup leading to:
/usr/local/directadmin/data/users/username/domains/domain.com.key
/usr/local/directadmin/data/users/username/domains/domain.com.cert.combined
ProFTPd:
/etc/proftpd.conf easily links to the exim certificate files.
Note: I needed in /etc/ssh/ for restart of ProFTPd: chmod 600 ssh_host_rsa_key
Pure-FTPd:
/etc/pure-ftpd.pem cannot easily link to one file containing private key followed by certificate and bundle.
Let’s Encrypt renewal time:
/usr/local/directadmin/data/users/username/domains/domain.com.cert.creation_time
Let’s Encrypt server domain(s) to renew:
/usr/local/directadmin/conf/ca.san_config
SSL in PHP and for database connections is not in my scope right now
set up for ODBC is on a separate page