* * * * *
Late to the party
I've been blogging for 23 years as of today. This is also the first day this
blog is being served up via https:. All I had to do was just install the
latest version of Apache on my server [1].
It took several days, but I got the latest version of Apache compiled and
installed on my server. Yes, I did it the hard way. What better way of
knowing how things work than doing it the hard way? I then spent Saturday
updating the configuration. There were a few changes, like NameVirtualHost
[2] being deprecated, and having to add “Protocols [3] h2 h2c http/1.1” and
“Require [4] all granted”.
Once that was done and the new server was up and running, then I dove into
the whole “Encrypt All The Things!” rabbit hole (I know, I know, 2015 called
and said I was late to the party). A recent post [5] of mine made it to The
Orange Site [6] and fully half of the comments were about the disturbing lack
of [DELETED-faith-DELETED] TLS (Transport Layer Security) I had. Of course.
Fortunately, Apache [7] has a module [8] to handle certificates from Let's
Encrypt [9] (or other places that support the “certificate update dance”
protocol). Unfortunately, there are subtleties not mentioned in the
documentation. Like the MDCACertificateFile directive (which I need for my
setup—don't ask) not being documented. Or the fact that if you make any type
of mistake (like using the wrong domain name because you cut-n-paste the
configuration from one host into another and forgot to make the domain name
change, or using “SSLEngine on” in the wrong place, or forgetting to add
acme-tls/1 to the Protocols directive) everything goes pear shaped and Let's
Encrypt will rate limit and … ugh. I'm just lucky I have a few domains to
practice on before enabling it for my main sites.
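
A pre-flight check for two of the mistakes listed above (an MDomain name left over from a pasted configuration, and acme-tls/1 missing from Protocols), as an added example that is not part of the original post. The host names are constructed placeholders, and treating a `*:443` VirtualHost as the TLS vhost is an assumption of this sketch.

```python
import re

# Constructed sample: pasted from another host; one MDomain name was never
# changed and Protocols lacks acme-tls/1. Host names are placeholders.
SAMPLE_CONF = """\
Protocols h2 h2c http/1.1
MDomain site-b.example www.site-a.example
<VirtualHost *:443>
    ServerName site-b.example
    ServerAlias www.site-b.example
    SSLEngine on
</VirtualHost>
"""

def check_md_config(text):
    """Return warnings for stale MDomain names and a missing acme-tls/1."""
    managed, global_protos, vhosts, cur = set(), [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            # Assumption: a vhost bound to port 443 is the TLS vhost.
            tls = any(a.endswith(":443") for a in opened.group(1).split())
            cur = {"names": set(), "protos": None, "tls": tls}
            vhosts.append(cur)
        elif line.lower().startswith("</virtualhost"):
            cur = None
        else:
            name, *args = line.lower().split()
            if name == "mdomain":
                managed |= {a for a in args if a not in ("auto", "manual")}
            elif name in ("servername", "serveralias") and cur is not None:
                cur["names"] |= set(args)
            elif name == "protocols" and cur is None:
                global_protos = args
            elif name == "protocols":
                cur["protos"] = args
    tls_vhosts = [v for v in vhosts if v["tls"]]
    served = set().union(*(v["names"] for v in tls_vhosts))
    warnings = [f"MDomain {d}: no *:443 VirtualHost serves this name"
                for d in sorted(managed - served)]
    for v in tls_vhosts:
        protos = global_protos if v["protos"] is None else v["protos"]
        # acme-tls/1 lets mod_md answer the tls-alpn-01 challenge on port 443.
        if v["names"] & managed and "acme-tls/1" not in protos:
            warnings.append(f"{sorted(v['names'])[0]}: Protocols lacks acme-tls/1")
    return warnings
```

Running a check like this before restarting httpd costs nothing, whereas each failed issuance attempt counts toward Let's Encrypt's rate limits.
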
But I was able to finish in time for the 23rd anniversary of my blog and get
that stupid little lock on my site.
You're welcome.
[1]
gopher://gopher.conman.org/0Phlog:2022/11/28.1
[2]
https://httpd.apache.org/docs/2.4/mod/core.html#namevirtualhost
[3]
https://httpd.apache.org/docs/2.4/mod/core.html#protocols
[4]
https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
[5]
gopher://gopher.conman.org/0Phlog:2022/09/22.1
[6]
https://news.ycombinator.com/item?id=32969374
[7]
https://httpd.apache.org/
[8]
https://httpd.apache.org/docs/2.4/mod/mod_md.html
[9]
https://letsencrypt.org/