{"id":856,"date":"2021-04-28T07:44:34","date_gmt":"2021-04-28T07:44:34","guid":{"rendered":"https:\/\/techno.slomka.biz\/?p=856"},"modified":"2026-03-16T15:22:12","modified_gmt":"2026-03-16T15:22:12","slug":"https-setup-fur-eine-flask-anwendung-teil-2","status":"publish","type":"post","link":"https:\/\/techno.slomka.biz\/?p=856","title":{"rendered":"HTTPS Setup f\u00fcr eine Flask Anwendung &#8211; Teil 2"},"content":{"rendered":"\n<p>Im <a href=\"https:\/\/techno.slomka.biz\/?p=815\" data-type=\"post\" data-id=\"815\">ersten Teil <\/a>habe ich die Einrichtung des Ubuntu Servers f\u00fcr meine kleine Webanwendung f\u00fcr den isl\u00e4ndisch Kurs beschrieben. Im zweiten Teil m\u00f6chte ich kurz auf die HTTPS Einrichtung eingehen.<\/p>\n\n\n\n<p>Die <a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04\" data-type=\"URL\" data-id=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04\">DigitalOcean Anleitung f\u00fcr Ubuntu <\/a>18.04 funktioniert nicht unter Ubunt 20.x. Bitte darauf achren, die Anleitung f\u00fcr das <a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04\" data-type=\"URL\" data-id=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04\">eingesetzte Ubuntu Release (hier 20.04)<\/a> zu verwenden, falls vorhanden. Das verwendete Repository <code>ppa:certbot\/certbot<\/code> ist im Status DEPRECATED.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><span style=\"color:#0276a8\" class=\"has-inline-color\">slommi@ubuntu-s-1vcpu-1gb-fra1-01:~$<\/span> <strong>sudo add-apt-repository ppa:certbot\/certbot<\/strong>\nThe PPA has been DEPRECATED.\n\nTo get up to date instructions on how to get certbot for your systems, please see https:\/\/certbot.eff.org\/docs\/install.html.\nMore info: https:\/\/launchpad.net\/~certbot\/+archive\/ubuntu\/certbot\nPress &#91;ENTER] to continue or Ctrl-c to cancel adding it.<\/code><\/pre>\n\n\n\n<p>Daher wird der Certbot f\u00fcr die Let&#8217;s Encrypt Zertifikate <\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#EEFFFF;--cbp-line-number-width:calc(1 * 0.6 * .875rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#304047;color:#d5ffff\">Bash<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#EEFFFF;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>sudo apt install certbot python3-certbot-apache<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki material-theme\" style=\"background-color: #263238\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #FFCB6B\">sudo<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">apt<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">install<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">certbot<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">python3-certbot-apache<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>Ein Apache Virtual Host ist Vorausssetzung f\u00fcr die n\u00e4chsten Schritte. Die Einrichtung habe ich in <a href=\"https:\/\/techno.slomka.biz\/?p=815\/#apache-vhost\">Teil 1<\/a> beschrieben.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">HTTPS Zugriff durch die Firewall<\/h3>\n\n\n\n<p>Der aktuelle Status der Firewall wird mit <code>ufw <\/code>abgefragt:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#EEFFFF;--cbp-line-number-width:calc(1 * 0.6 * .875rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#304047;color:#d5ffff\">Bash<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#EEFFFF;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>sudo ufw status\nStatus: active\n\nTo                         Action      From\n--                         ------      ----\nOpenSSH                    ALLOW       Anywhere                  \nApache                     ALLOW       Anywhere                  \nOpenSSH (v6)               ALLOW       Anywhere (v6)             \nApache (v6)                ALLOW       Anywhere (v6)<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki material-theme\" style=\"background-color: #263238\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #FFCB6B\">sudo<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">ufw<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">status<\/span><\/span>\n<span class=\"line\"><span style=\"color: #FFCB6B\">Status:<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">active<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #FFCB6B\">To<\/span><span style=\"color: #EEFFFF\">                         <\/span><span style=\"color: #C3E88D\">Action<\/span><span style=\"color: #EEFFFF\">      <\/span><span style=\"color: #C3E88D\">From<\/span><\/span>\n<span class=\"line\"><span style=\"color: #FFCB6B\">--<\/span><span style=\"color: #EEFFFF\">                         <\/span><span style=\"color: #C3E88D\">------<\/span><span style=\"color: #EEFFFF\">      <\/span><span style=\"color: #C3E88D\">----<\/span><\/span>\n<span class=\"line\"><span style=\"color: #FFCB6B\">OpenSSH<\/span><span style=\"color: #EEFFFF\">                    <\/span><span style=\"color: #C3E88D\">ALLOW<\/span><span style=\"color: #EEFFFF\">       <\/span><span style=\"color: #C3E88D\">Anywhere<\/span><span style=\"color: #EEFFFF\">                  <\/span><\/span>\n<span class=\"line\"><span style=\"color: #FFCB6B\">Apache<\/span><span style=\"color: #EEFFFF\">                     <\/span><span style=\"color: #C3E88D\">ALLOW<\/span><span style=\"color: #EEFFFF\">       <\/span><span style=\"color: #C3E88D\">Anywhere<\/span><span style=\"color: #EEFFFF\">                  <\/span><\/span>\n<span class=\"line\"><span style=\"color: #FFCB6B\">OpenSSH<\/span><span style=\"color: #EEFFFF\"> (v6)               ALLOW       Anywhere <\/span><span style=\"color: #89DDFF\">(<\/span><span style=\"color: #FFCB6B\">v6<\/span><span style=\"color: #89DDFF\">)<\/span><span style=\"color: #EEFFFF\">             <\/span><\/span>\n<span class=\"line\"><span style=\"color: #FFCB6B\">Apache<\/span><span style=\"color: #EEFFFF\"> (v6)                ALLOW       Anywhere <\/span><span style=\"color: #89DDFF\">(<\/span><span style=\"color: #FFCB6B\">v6<\/span><span style=\"color: #89DDFF\">)<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>Um eingehende HTTPS Anfragen zu erlauben, muss das Apache Full Profil zugelassen werden. Das HTTP Apache Profil kann entfernt werden.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#EEFFFF;--cbp-line-number-width:calc(1 * 0.6 * .875rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#304047;color:#d5ffff\">Bash<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#EEFFFF;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>sudo ufw allow 'Apache Full'\nsudo ufw delete allow 'Apache'<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki material-theme\" style=\"background-color: #263238\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #FFCB6B\">sudo<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">ufw<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">allow<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #89DDFF\">&#39;<\/span><span style=\"color: #C3E88D\">Apache Full<\/span><span style=\"color: #89DDFF\">&#39;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #FFCB6B\">sudo<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">ufw<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">delete<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">allow<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #89DDFF\">&#39;<\/span><span style=\"color: #C3E88D\">Apache<\/span><span style=\"color: #89DDFF\">&#39;<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>Eine Statusabfrage mit <code>sudo ufw status<\/code> zeigt jetzt <code>Apache Full<\/code> an.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Zertifikate von Let&#8217;s Encrypt<\/h3>\n\n\n\n<p>Der certbot wird mit dem Apache Plugin und der gew\u00fcnschten Dom\u00e4ne (-d) aufgerufen. Die folgenden Fragen nach Parametern sind zu beantworten. Bei der Frage nach Umleitung der HTTP Anfragen auf HTTPS empfehle ich einer Umleitung auf HTTPS zuzustimmen.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#EEFFFF;--cbp-line-number-width:calc(1 * 0.6 * .875rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#304047;color:#d5ffff\">Bash<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#EEFFFF;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>sudo certbot --apache -d is.hslomka.de<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki material-theme\" style=\"background-color: #263238\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #FFCB6B\">sudo<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">certbot<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">--apache<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">-d<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">is.hslomka.de<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>Die Zertifikate sind nur 90 Tage g\u00fcltig. Daher hat certbot einen Systemservice eingerichtet, der sich um die Erneuerung der Zertifikate k\u00fcmmert. Der Prozess kann mit einem <code>--dryrun<\/code> getestet werden.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#EEFFFF;--cbp-line-number-width:calc(1 * 0.6 * .875rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#304047;color:#d5ffff\">Bash<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#EEFFFF;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>certbot renew --dry-run<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki material-theme\" style=\"background-color: #263238\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #FFCB6B\">certbot<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">renew<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">--dry-run<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>Der entscprechende systemd Service hei\u00dft  <code>certbot.timer<\/code>.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#EEFFFF;--cbp-line-number-width:calc(1 * 0.6 * .875rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#304047;color:#d5ffff\">Bash<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#EEFFFF;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>sudo systemctl status certbot.timer<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki material-theme\" style=\"background-color: #263238\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #FFCB6B\">sudo<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">systemctl<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">status<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">certbot.timer<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#EEFFFF;--cbp-line-number-width:calc(1 * 0.6 * .875rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#304047;color:#d5ffff\">Bash<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#EEFFFF;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>slommi@ubuntu-s01:~$sudo systemctl status certbot.timer\n\u25cf certbot.timer - Run certbot twice daily\n     Loaded: loaded (\/lib\/systemd\/system\/certbot.timer; enabled; vendor preset: enabled)\n     Active: &lt;span style=\"color:#0276a8\" class=\"has-inline-color\">active (waiting) &lt;\/span>since Wed 2021-04-07 13:43:30 UTC; 2 weeks 6 days ago\n    Trigger: Wed 2021-04-28 09:59:33 UTC; 2h 17min left\n   Triggers: \u25cf certbot.service\n\nApr 07 13:43:30 ubuntu-s-1vcpu-1gb-fra1-01 systemd&#91;1&#93;: Started Run certbot twice daily.<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki material-theme\" style=\"background-color: #263238\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #FFCB6B\">slommi@ubuntu-s01:~$sudo<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">systemctl<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">status<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">certbot.timer<\/span><\/span>\n<span class=\"line\"><span style=\"color: #FFCB6B\">\u25cf<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">certbot.timer<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">-<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">Run<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">certbot<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">twice<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">daily<\/span><\/span>\n<span class=\"line\"><span style=\"color: #EEFFFF\">     <\/span><span style=\"color: #FFCB6B\">Loaded:<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">loaded<\/span><span style=\"color: #EEFFFF\"> (\/lib\/systemd\/system\/certbot.timer<\/span><span style=\"color: #89DDFF\">;<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #FFCB6B\">enabled<\/span><span style=\"color: #89DDFF\">;<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #FFCB6B\">vendor<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">preset:<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">enabled<\/span><span style=\"color: #EEFFFF\">)<\/span><\/span>\n<span class=\"line\"><span style=\"color: #EEFFFF\">     <\/span><span style=\"color: #FFCB6B\">Active:<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #89DDFF\">&lt;<\/span><span style=\"color: #C3E88D\">span<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">style=<\/span><span style=\"color: #89DDFF\">&quot;<\/span><span style=\"color: #C3E88D\">color:#0276a8<\/span><span style=\"color: #89DDFF\">&quot;<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">class=<\/span><span style=\"color: #89DDFF\">&quot;<\/span><span style=\"color: #C3E88D\">has-inline-color<\/span><span style=\"color: #89DDFF\">&quot;<\/span><span style=\"color: #89DDFF\">&gt;<\/span><span style=\"color: #C3E88D\">active<\/span><span style=\"color: #EEFFFF\"> (waiting) <\/span><span style=\"color: #89DDFF\">&lt;<\/span><span style=\"color: #EEFFFF\">\/span<\/span><span style=\"color: #89DDFF\">&gt;<\/span><span style=\"color: #EEFFFF\">since Wed 2021-04-07 13:43:30 UTC<\/span><span style=\"color: #89DDFF\">;<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #FFCB6B\">2<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">weeks<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #F78C6C\">6<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">days<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">ago<\/span><\/span>\n<span class=\"line\"><span style=\"color: #EEFFFF\">    <\/span><span style=\"color: #FFCB6B\">Trigger:<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">Wed<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #F78C6C\">2021<\/span><span style=\"color: #C3E88D\">-04-28<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #F78C6C\">09<\/span><span style=\"color: #C3E88D\">:59:33<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">UTC<\/span><span style=\"color: #89DDFF\">;<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #FFCB6B\">2h<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #F78C6C\">17<\/span><span style=\"color: #C3E88D\">min<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">left<\/span><\/span>\n<span class=\"line\"><span style=\"color: #EEFFFF\">   <\/span><span style=\"color: #FFCB6B\">Triggers:<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">\u25cf<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">certbot.service<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #FFCB6B\">Apr<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #F78C6C\">07<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #F78C6C\">13<\/span><span style=\"color: #C3E88D\">:43:30<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">ubuntu-s-1vcpu-1gb-fra1-01<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">systemd&#91;<\/span><span style=\"color: #F78C6C\">1<\/span><span style=\"color: #C3E88D\">&#93;:<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">Started<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">Run<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">certbot<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">twice<\/span><span style=\"color: #EEFFFF\"> <\/span><span style=\"color: #C3E88D\">daily.<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>HTTPS ist eingerichtet.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Im ersten Teil habe ich die Einrichtung des Ubuntu Servers f\u00fcr meine kleine Webanwendung f\u00fcr den isl\u00e4ndisch Kurs beschrieben. Im zweiten Teil m\u00f6chte ich kurz auf die HTTPS Einrichtung eingehen. Die DigitalOcean Anleitung f\u00fcr Ubuntu 18.04 funktioniert nicht unter Ubunt 20.x. Bitte darauf achren, die Anleitung f\u00fcr das eingesetzte Ubuntu Release (hier 20.04) zu verwenden, falls vorhanden. Das verwendete Repository ppa:certbot\/certbot ist im Status DEPRECATED. Daher wird der Certbot f\u00fcr die Let&#8217;s Encrypt Zertifikate Ein Apache Virtual Host ist Vorausssetzung f\u00fcr die n\u00e4chsten Schritte. Die Einrichtung habe ich in Teil 1 beschrieben. HTTPS Zugriff durch die Firewall Der aktuelle Status der Firewall wird mit ufw abgefragt: Um eingehende HTTPS Anfragen zu erlauben, muss das Apache Full Profil zugelassen werden. Das HTTP Apache Profil kann entfernt werden. Eine Statusabfrage mit sudo ufw status zeigt jetzt Apache Full an. Zertifikate von Let&#8217;s Encrypt Der certbot wird mit dem Apache Plugin und der gew\u00fcnschten Dom\u00e4ne (-d) aufgerufen. Die folgenden Fragen nach Parametern sind zu beantworten. Bei der Frage nach Umleitung der HTTP Anfragen auf HTTPS empfehle ich einer Umleitung auf HTTPS zuzustimmen. Die Zertifikate sind nur 90 Tage g\u00fcltig. Daher hat certbot einen Systemservice eingerichtet, der sich um die Erneuerung der Zertifikate k\u00fcmmert. Der Prozess kann mit einem &#8211;dryrun getestet werden. Der entscprechende systemd Service hei\u00dft certbot.timer. HTTPS ist eingerichtet.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[113,3,25],"tags":[121,56,122],"class_list":["post-856","post","type-post","status-publish","format-standard","hentry","category-apache-httpd","category-devops","category-ubuntu","tag-apache-httpd","tag-devops","tag-lets-encrypt"],"_links":{"self":[{"href":"https:\/\/techno.slomka.biz\/index.php?rest_route=\/wp\/v2\/posts\/856","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techno.slomka.biz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techno.slomka.biz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techno.slomka.biz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techno.slomka.biz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=856"}],"version-history":[{"count":3,"href":"https:\/\/techno.slomka.biz\/index.php?rest_route=\/wp\/v2\/posts\/856\/revisions"}],"predecessor-version":[{"id":1116,"href":"https:\/\/techno.slomka.biz\/index.php?rest_route=\/wp\/v2\/posts\/856\/revisions\/1116"}],"wp:attachment":[{"href":"https:\/\/techno.slomka.biz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=856"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techno.slomka.biz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=856"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techno.slomka.biz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=856"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}