I'm working on a second Django project. This time, using Django REST framework, new things such as back-and-back, completely separate implementation of front end, and https communication by ssl are possible. We are proceeding while taking on challenges.
This time, information was already shared by various people on the net,
First, in this setting, the following conditions must be met.
Regarding this, the offical page of Lets encrypt recommended using software called Certbot, but if you look it up, you can easily do it without doing it. It seems.
$ cd /usr/local
$ sudo git clone https://github.com/letsencrypt/letsencrypt
In the reference text, I made it with the create command immediately after installing it above, but it didn't work. Actually, the following settings are required before that.
I don't think the domain I bought from the provider has www, but I need to add it as an A record on the DNS server. An error will occur if the domain does not have www in the certificate creation phase of Lets Encrypt.
Domain: example.com
Additional part
Name: www.example.com
Type: A record
Value:Server ip address
Of course, don't forget to add the following items to the apache site configuration file.
ServerAlias www.example.com
This part is limited to the Django project. You will need a software called mod_wsgi to deploy the Django project to apache2. As a matter of fact, after installing mod_wsgi, you will add the following items to the configuration file.
WSGIDaemonProcess django_wsgi pythonpath=/var/www/myproject:/usr/local/lib/python2.7/dist-packages
WSGIProcessGroup django_wsgi
WSGIScriptAlias / /var/www/myproject/myproject/wsgi.py
Lets Encrypt will automatically create an ssl-compatible site prescriptive file after creating a certificate by referring to the existing configuration file, but if you do not comment out the above part, the following error will occur. I will.
Name duplicates previous WSGI daemon definition
Therefore, you can comment out the upper part first, create a certificate, set it, and then remove the comment out in the ssl-enabled site prescriptive file.
It's finally in the creation phase, but you can easily create it just by executing the following command. Moreover, the configuration file in apache is also created automatically.
cd letsencrypt/
sudo ./letsencrypt-auto --apache -d example.com -d www.example.com
For the Django project, you need to enable the mod_wsgi config line in the created apache config file.
You can now use the free ssl certificate for https communication. Last but not least, the expiration date of the certificate. The above method is valid for 3 months, so you need to renewal before it expires. There is a lot of information shared by other people about this, so I think you should refer to that.
Description about expiration date when created
Your cert will expire on 2017-12-04. To obtain a new or tweaked
version of this certificate in the future, simply run
letsencrypt-auto again with the "certonly" option. To
non-interactively renew *all* of your certificates, run
"letsencrypt-auto renew"
Setting up SSL on a Django App with Let's Encrypt - Ubuntu, Apache, and mod_wsgi
Recommended Posts