HTTPS access with a personal certificate

The result:

root@jeedom:/etc/apache2# netstat -natp | grep 443
tcp6 0 0 :::443 :::* LISTEN 15388/apache2
tcp6 0 0 192.168.10.32:80 192.168.10.11:54266 ESTABLISHED 15443/apache2
root@jeedom:/etc/apache2#

Where .10.32 is the Jeedom IP and .10.11 is my Mac

And these commands:

apache2ctl -S
nslookup jeedom.home.toto.fr

root@jeedom:/etc/apache2# apache2ctl -S
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 is a NameVirtualHost
default server 127.0.0.1 (/etc/apache2/sites-enabled/000-default-ssl.conf:1)
port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-default-ssl.conf:1)
port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/www/html/log/http.error"
Mutex watchdog-callback: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
root@jeedom:/etc/apache2#

And the other command?
There, port 443 isn't listening on your apache.

It's hard to debug when we don't know what you did, or where.

root@jeedom:/etc/apache2# nslookup jeedom.home.toto.fr
-bash: nslookup: command not found

dig jeedom.home.toto.fr

root@jeedom:/etc/apache2# dig jeedom.home.toto.fr
-bash: dig: command not found

And if dig is not found either:
host jeedom.home.toto.fr

Hello,

The error message

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message

most probably comes from the virtualhost definition. I use *:443 and not jeedom.toto.fr.

No, there's no problem with being explicit in the virtualhost.

In that case, you need to add a ServerName directive in the vhost (not mandatory when you only have one, but it's cleaner ;))

root@jeedom:/etc/apache2# host jeedom.home.toto.fr
-bash: host: command not found

So should I put * back in place of jeedom.home.toto.fr?

apt install dnsutils -y

and you'll have the dig and nslookup commands.

I'd suggest you get rid of the vhost you made.

vi /etc/apache2/sites-available/001-Jeedom-ssl.conf

Put this in it:

<IfModule mod_ssl.c>
# A hostname as the VirtualHost address is resolved through DNS every time
# Apache starts; *:443 plus ServerName gives the same matching without that
# dependency.
<VirtualHost jeedom.home.toto.fr:443>
    ServerName jeedom.home.toto.fr

    ServerAdmin mon@email.com
    DocumentRoot /var/www/html
    DirectoryIndex index.php

    <Directory /var/www/html>
        Options -Indexes +FollowSymlinks
        AllowOverride All
    </Directory>

    #LogLevel info ssl:warn

    # The ${APACHE_LOG_DIR}/Jeedom directory must exist before the restart;
    # Apache refuses to start when it cannot open its log files.
    ErrorLog ${APACHE_LOG_DIR}/Jeedom/ssl-error.log
    CustomLog ${APACHE_LOG_DIR}/Jeedom/ssl-access.log combined
    # If this is a *.toto.fr wildcard certificate (the key file name suggests
    # it), remember that a wildcard covers a single label: it matches
    # home.toto.fr but not jeedom.home.toto.fr.
    SSLCertificateFile /etc/apache2/sslcert/toto.fr_ssl_certificate.cer
    SSLCertificateKeyFile /etc/apache2/sslcert/_.toto.fr_private_key.key
    Include /etc/apache2/options-ssl.conf
</VirtualHost>
</IfModule>

Create the file /etc/apache2/options-ssl.conf and put this in it:

# Baseline setting to Include for SSL sites

SSLEngine on

# Intermediate configuration, tweak to your needs.
# Note: "all -SSLv2 -SSLv3" still leaves TLS 1.0 and 1.1 enabled (current
# practice is "all -SSLv3 -TLSv1 -TLSv1.1"), and the cipher list below still
# offers 3DES (DES-CBC3-SHA).
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder     on
SSLCompression          off

SSLOptions +StrictRequire

# Add vhost name (%v) to log entries:
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

#CustomLog /var/log/apache2/access.log vhost_combined
#LogLevel warn
#ErrorLog /var/log/apache2/error.log

# Always ensure Cookies have "Secure" set (JAH 2012/1); requires mod_headers (a2enmod headers)
#Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"

Then run these commands and give us the output:

a2ensite 001-Jeedom-ssl.conf
apache2ctl configtest
apache2ctl restart
apache2ctl -S

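The checks this thread does by hand (reading apache2ctl -S, comparing the port a vhost is bound to with its SSL directives, eyeballing the SSLProtocol line) as an added example that is not part of the thread or of Jeedom: a small linter over Apache vhost fragments. Both sample configurations inside it are constructed. The "broken" one reproduces the symptom in the apache2ctl -S output above (an "-ssl" site listed under port 80 while 443 is open); the "fixed" one is the posted vhost with a wildcard address and TLS 1.0/1.1 dropped. The hostname and certificate paths come from the thread; the finding texts, the regex-based parsing and the treatment of top-level directives as an Include'd options file are this example's own simplification and do not cover every Apache syntax (no Include expansion, no IfModule evaluation).

```python
"""Linter for Apache vhost fragments: finds the mistakes the thread diagnoses by hand.

Added example, not code from the thread. Directives outside any <VirtualHost>
are treated as server-wide defaults, which is how the Include'd
options-ssl.conf above behaves once Apache pulls it into a vhost.
"""
import re

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
DIRECTIVE_RE = re.compile(r"^[ \t]*([A-Za-z]\w*)[ \t]+(.*?)[ \t]*$", re.M)

# What mod_ssl's "all" keyword can switch on; SSLv2 no longer exists in OpenSSL.
ALL_PROTOCOLS = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
LEGACY_PROTOCOLS = {"sslv3", "tlsv1", "tlsv1.1"}
WEAK_CIPHER_MARKERS = ("DES-CBC3", "RC4", "MD5")


def directives(text):
    """Map lower-cased directive name -> list of its values, in file order."""
    found = {}
    for m in DIRECTIVE_RE.finditer(text):
        found.setdefault(m.group(1).lower(), []).append(m.group(2))
    return found


def split_addr(addr):
    """'*:443' -> ('*', '443'); 'host' -> ('host', None); '[::1]:443' -> ('[::1]', '443')."""
    host, sep, port = addr.rpartition(":")
    if sep and (port.isdigit() or port == "*"):
        return host, port
    return addr, None


def is_hostname(host):
    """True for a DNS name; False for *, _default_, an IPv4 literal or a [bracketed IPv6]."""
    if host in ("*", "_default_") or host.startswith("["):
        return False
    return re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host) is None


def enabled_protocols(value):
    """Evaluate an SSLProtocol value such as 'all -SSLv2 -SSLv3' to the set it leaves on."""
    enabled = set()
    for tok in value.split():
        op, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        names = ALL_PROTOCOLS if name.lower() == "all" else {name.lower()}
        enabled = enabled - names if op == "-" else enabled | names
    return enabled


def lint(text):
    """Return [(vhost_address, finding), ...] for one config text."""
    findings = []
    server_wide = directives(VHOST_RE.sub("", text))
    for m in VHOST_RE.finditer(text):
        label = m.group(1).strip()
        local = directives(m.group(2))
        merged = {**server_wide, **local}  # vhost-level lines win
        uses_tls = ("sslcertificatefile" in merged
                    or merged.get("sslengine", ["off"])[-1].lower() == "on")
        for addr in label.split():
            host, port = split_addr(addr)
            # An omitted port is a wildcard in Apache 2.4, so only an explicit
            # non-443 port is reported.
            if uses_tls and port not in (None, "*", "443"):
                findings.append((label, f"SSL directives but bound to port {port}: "
                                        "https:// clients never reach this vhost"))
            if is_hostname(host):
                findings.append((label, f"hostname {host} used as VirtualHost address: "
                                        "resolved by DNS at startup; prefer *:443 plus ServerName"))
        if "servername" not in local:
            findings.append((label, "no ServerName: set it explicitly so name-based "
                                    "matching and the certificate hostname agree"))
        for value in merged.get("sslprotocol", []):
            legacy = enabled_protocols(value) & LEGACY_PROTOCOLS
            if legacy:
                findings.append((label, f"SSLProtocol still enables {sorted(legacy)}"))
        for suite in merged.get("sslciphersuite", []):
            weak = [c for c in suite.split(":") if not c.startswith(("!", "-"))
                    and any(mk in c.upper() for mk in WEAK_CIPHER_MARKERS)]
            if weak:
                findings.append((label, f"SSLCipherSuite still offers {weak}"))
    return findings


# Constructed sample modelled on the apache2ctl -S output above: the "-ssl" site
# was cloned from 000-default.conf and kept *:80, so it is listed under port 80
# and nothing answers https:// even though 443 is open. The two trailing lines
# stand in for the Include'd options file.
BROKEN_SITE = """
<IfModule mod_ssl.c>
<VirtualHost *:80>
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/apache2/sslcert/toto.fr_ssl_certificate.cer
    SSLCertificateKeyFile /etc/apache2/sslcert/_.toto.fr_private_key.key
</VirtualHost>
</IfModule>
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:!aNULL:!RC4:!MD5
"""

# Constructed counterpart in the shape recommended above, with the two changes a
# reviewer would make to the posted file: a wildcard address instead of a
# hostname, and TLS 1.0/1.1 removed from SSLProtocol.
FIXED_SITE = """
<VirtualHost *:443>
    ServerName jeedom.home.toto.fr
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/apache2/sslcert/toto.fr_ssl_certificate.cer
    SSLCertificateKeyFile /etc/apache2/sslcert/_.toto.fr_private_key.key
</VirtualHost>
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:!aNULL:!MD5
"""

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN_SITE), ("fixed", FIXED_SITE)):
        print(f"{name}: {len(lint(conf))} finding(s)")
        for vhost, finding in lint(conf):
            print(f"  [{vhost}] {finding}")
```

Run it against a real file with `lint(open("/etc/apache2/sites-available/001-Jeedom-ssl.conf").read())`; the vhost posted above yields exactly one finding (the hostname used as the VirtualHost address), the cloned-from-port-80 shape yields four, and the fixed shape none. The linter only tells you what the config says; `apache2ctl -S` remains the authority on what Apache actually loaded.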

I set * but it doesn't change anything.

The output of the command apt install dnsutils -y:

root@jeedom:/etc/apache2# apt install dnsutils -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libmemcached11 libmemcachedutil2 libmysqlclient18 libonig2 libpng12-0
libqdbm14 libvpx1 linux-image-3.14.29+ linux-image-arm64-odroid-c2
python-lockfile u-boot-tools
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
bind9-host libbind9-140 libdns162 libgeoip1 libisc160 libisccc140
libisccfg140 liblwres141
Suggested packages:
rblcheck geoip-bin
Recommended packages:
geoip-database
The following NEW packages will be installed:
bind9-host dnsutils libbind9-140 libdns162 libgeoip1 libisc160 libisccc140
libisccfg140 liblwres141
0 upgraded, 9 newly installed, 0 to remove and 238 not upgraded.
Need to get 2,683 kB of archives.
After this operation, 7,007 kB of additional disk space will be used.
Get:1 Index of /debian stretch/main arm64 libgeoip1 arm64 1.6.9-4 [87.4 kB]
Get:2 http://security.debian.org stretch/updates/main arm64 libisc160 arm64 1:9.10.3.dfsg.P4-12.3+deb9u9 [358 kB]
Get:3 http://security.debian.org stretch/updates/main arm64 libdns162 arm64 1:9.10.3.dfsg.P4-12.3+deb9u9 [905 kB]
Get:4 http://security.debian.org stretch/updates/main arm64 libisccc140 arm64 1:9.10.3.dfsg.P4-12.3+deb9u9 [197 kB]
Get:5 http://security.debian.org stretch/updates/main arm64 libisccfg140 arm64 1:9.10.3.dfsg.P4-12.3+deb9u9 [218 kB]
Get:6 http://security.debian.org stretch/updates/main arm64 libbind9-140 arm64 1:9.10.3.dfsg.P4-12.3+deb9u9 [204 kB]
Get:7 http://security.debian.org stretch/updates/main arm64 liblwres141 arm64 1:9.10.3.dfsg.P4-12.3+deb9u9 [209 kB]
Get:8 http://security.debian.org stretch/updates/main arm64 bind9-host arm64 1:9.10.3.dfsg.P4-12.3+deb9u9 [228 kB]
Get:9 http://security.debian.org stretch/updates/main arm64 dnsutils arm64 1:9.10.3.dfsg.P4-12.3+deb9u9 [277 kB]
Fetched 2,683 kB in 0s (5,848 kB/s)
Selecting previously unselected package libgeoip1:arm64.
(Reading database … 56030 files and directories currently installed.)
Preparing to unpack …/0-libgeoip1_1.6.9-4_arm64.deb …
Unpacking libgeoip1:arm64 (1.6.9-4) …
Selecting previously unselected package libisc160:arm64.
Preparing to unpack …/1-libisc160_1%3a9.10.3.dfsg.P4-12.3+deb9u9_arm64.deb …
Unpacking libisc160:arm64 (1:9.10.3.dfsg.P4-12.3+deb9u9) …
Selecting previously unselected package libdns162:arm64.
Preparing to unpack …/2-libdns162_1%3a9.10.3.dfsg.P4-12.3+deb9u9_arm64.deb …
Unpacking libdns162:arm64 (1:9.10.3.dfsg.P4-12.3+deb9u9) …
Selecting previously unselected package libisccc140:arm64.
Preparing to unpack …/3-libisccc140_1%3a9.10.3.dfsg.P4-12.3+deb9u9_arm64.deb …
Unpacking libisccc140:arm64 (1:9.10.3.dfsg.P4-12.3+deb9u9) …
Selecting previously unselected package libisccfg140:arm64.
Preparing to unpack …/4-libisccfg140_1%3a9.10.3.dfsg.P4-12.3+deb9u9_arm64.deb …
Unpacking libisccfg140:arm64 (1:9.10.3.dfsg.P4-12.3+deb9u9) …
Selecting previously unselected package libbind9-140:arm64.
Preparing to unpack …/5-libbind9-140_1%3a9.10.3.dfsg.P4-12.3+deb9u9_arm64.deb …
Unpacking libbind9-140:arm64 (1:9.10.3.dfsg.P4-12.3+deb9u9) …
Selecting previously unselected package liblwres141:arm64.
Preparing to unpack …/6-liblwres141_1%3a9.10.3.dfsg.P4-12.3+deb9u9_arm64.deb …
Unpacking liblwres141:arm64 (1:9.10.3.dfsg.P4-12.3+deb9u9) …
Selecting previously unselected package bind9-host.
Preparing to unpack …/7-bind9-host_1%3a9.10.3.dfsg.P4-12.3+deb9u9_arm64.deb …
Unpacking bind9-host (1:9.10.3.dfsg.P4-12.3+deb9u9) …
Selecting previously unselected package dnsutils.
Preparing to unpack …/8-dnsutils_1%3a9.10.3.dfsg.P4-12.3+deb9u9_arm64.deb …
Unpacking dnsutils (1:9.10.3.dfsg.P4-12.3+deb9u9) …
Setting up libgeoip1:arm64 (1.6.9-4) …
Processing triggers for libc-bin (2.24-11+deb9u3) …
Setting up liblwres141:arm64 (1:9.10.3.dfsg.P4-12.3+deb9u9) …
Processing triggers for man-db (2.7.6.1-2) …
Setting up libisc160:arm64 (1:9.10.3.dfsg.P4-12.3+deb9u9) …
Setting up libisccc140:arm64 (1:9.10.3.dfsg.P4-12.3+deb9u9) …
Setting up libdns162:arm64 (1:9.10.3.dfsg.P4-12.3+deb9u9) …
Setting up libisccfg140:arm64 (1:9.10.3.dfsg.P4-12.3+deb9u9) …
Setting up libbind9-140:arm64 (1:9.10.3.dfsg.P4-12.3+deb9u9) …
Setting up bind9-host (1:9.10.3.dfsg.P4-12.3+deb9u9) …
Setting up dnsutils (1:9.10.3.dfsg.P4-12.3+deb9u9) …
Processing triggers for libc-bin (2.24-11+deb9u3) …
root@jeedom:/etc/apache2#

So now you can run the nslookup command that @mguyard asked you for earlier ...

Here is my config: Accès HTTPS avec certificat personnel - #54 par mguyard

For the nslookup command, which works now:

root@jeedom:/etc/apache2# nslookup jeedom.home.toto.fr
Server: 192.168.10.1
Address: 192.168.10.1#53

Non-authoritative answer:
Name: jeedom.home.toto.fr
Address: 100.100.100.200

root@jeedom:/etc/apache2#

Dumb question, but is toto.fr your domain?
The IP 100.100.100.200 is surely not your public IP. So there's a real problem there.

There are no dumb questions; thank you all very much for your support.
My domain is toto.fr.
The subdomain for the Jeedom is jeedom.home.toto.fr.
Actually, 100.100.100.200 is my public IP (I changed it here of course, but in the Terminal it really is my IP address).