{"id":138,"date":"2021-06-13T16:04:27","date_gmt":"2021-06-13T14:04:27","guid":{"rendered":"https:\/\/alessandromasciadri.com\/?p=138"},"modified":"2022-07-21T19:53:49","modified_gmt":"2022-07-21T17:53:49","slug":"come-ottenere-un-certificato-ssl-per-apache-su-ubuntu","status":"publish","type":"post","link":"https:\/\/alessandromasciadri.com\/come-ottenere-un-certificato-ssl-per-apache-su-ubuntu\/","title":{"rendered":"Come ottenere un certificato SSL per Apache su Ubuntu"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

In questa guida utilizzeremo i servizi offerti da Let’s Encrypt, una Certification Authority (CA) che automatizza gratuitamente la creazione, la validazione, il rilascio ed il rinnovo di certificati X.509 che permettono l’abilitazione di HTTPS crittografato sui Server Web.<\/p>\n

Utilizzeremo inoltre il client Certbot per ottenere un certificato SSL gratuito ed impostarne il rinnovo automatico.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

Installare Certbot<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Il primo passo per ottenere un certificato SSL per il proprio Web Server \u00e8 quello di installare sullo stesso il software Certbot.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\n\t\t\t\t\tsudo apt update\r\nsudo apt install certbot python3-certbot-apache<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-8073120 akihiro-widget akihiro-widget-heading\" data-id=\"8073120\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t<h4 class=\"akihiro-heading-title akihiro-size-default\">Configurazione del Firewall<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-0a36971 akihiro-widget akihiro-widget-text-editor\" data-id=\"0a36971\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Se il firewall ufw \u00e8 abilitato \u00e8 inoltre necessario creare una nuova regola per consentire il traffico HTTPS.<\/p>\n<p>Anzitutto verifichiamo se il firewall \u00e8 attivo<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-e6f90c2 akihiro-widget akihiro-widget-code-highlight\" data-id=\"e6f90c2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash \">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>sudo ufw status<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-c8aa286 akihiro-widget akihiro-widget-text-editor\" data-id=\"c8aa286\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Nel caso sia attivo, consentiamo il traffico HTTPS per Apache<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-bf5e5d3 akihiro-widget akihiro-widget-code-highlight\" data-id=\"bf5e5d3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash \">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>sudo ufw allow 'Apache Full'<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-6f7f8dd akihiro-widget akihiro-widget-heading\" data-id=\"6f7f8dd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t<h4 class=\"akihiro-heading-title akihiro-size-default\">Ottenere un certificato SSL<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-cbce788 akihiro-widget akihiro-widget-text-editor\" data-id=\"cbce788\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Certbot utilizza il plugin di Apache per ottenere certificati SSL.<\/p>\n<p>Eseguiamo questo comando per ottenere un certificato SSL e permettere a Certbot di modificare automaticamente la configurazione di Apache.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-29483c4 akihiro-widget akihiro-widget-code-highlight\" data-id=\"29483c4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash \">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>sudo certbot --apache<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-00f1e9c akihiro-widget akihiro-widget-heading\" data-id=\"00f1e9c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t<h4 class=\"akihiro-heading-title akihiro-size-default\">Impostare il rinnovo automatico<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-61f7a79 akihiro-widget akihiro-widget-text-editor\" data-id=\"61f7a79\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>I pacchetti Certbot sono dotati di un cron job che permette il rinnovo dei propri certificati prima che questi scadano. Siccome i certificati Let&#8217;s Encrypt durano per 90 giorni, \u00e8 decisamente consigliato utilizzare questa funzionalit\u00e0. \u00c8 possibile verificare il rinnovo automatico dei certificati eseguendo questo comando:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-6bd603f akihiro-widget akihiro-widget-code-highlight\" data-id=\"6bd603f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash \">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>sudo certbot renew --dry-run<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-1328b41 akihiro-widget akihiro-widget-text-editor\" data-id=\"1328b41\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Il comando di Certbot per il rinnovo automatico \u00e8 memorizzato in uno dei seguenti percorsi:<\/p>\n<ul>\n<li>\/etc\/crontab\/<\/li>\n<li>\/etc\/cron.*\/*<\/li>\n<li>systemctl list-timers<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-dc66618 akihiro-widget akihiro-widget-heading\" data-id=\"dc66618\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t<h4 class=\"akihiro-heading-title akihiro-size-default\">Verifica della corretta installazione del certificato<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-6809047 akihiro-widget akihiro-widget-text-editor\" data-id=\"6809047\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Per avere conferma che il certificato SSL sia stato generato ed installato correttamente, visita il tuo sito e verifica che nella barra URL del tuo browser sia presente l&#8217;icona del lucchetto.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-c81a698 akihiro-widget akihiro-widget-heading\" data-id=\"c81a698\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t<h4 class=\"akihiro-heading-title akihiro-size-default\">Conclusione<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-fec4295 akihiro-widget akihiro-widget-text-editor\" data-id=\"fec4295\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Questo articolo parla di come configurare Let&#8217;s Encrypt su una macchina Ubuntu per ottenere un certificato SSL per Apache ed automatizzarne il rinnovo.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>In questa guida utilizzeremo i servizi offerti da Let&#8217;s Encrypt, una Certification Authority (CA) che automatizza gratuitamente la creazione, la validazione, il rilascio ed il rinnovo di certificati X.509 che permettono l&#8217;abilitazione di HTTPS crittografato sui Server Web. Utilizzeremo inoltre il client Certbot per ottenere un certificato SSL gratuito ed impostarne il rinnovo automatico. Installare [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[20,19],"class_list":["post-138","post","type-post","status-publish","format-standard","hentry","category-sistemistica","tag-linux","tag-ubuntu"],"_links":{"self":[{"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/posts\/138","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/comments?post=138"}],"version-history":[{"count":7,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/posts\/138\/revisions"}],"predecessor-version":[{"id":917,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/posts\/138\/revisions\/917"}],"wp:attachment":[{"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/media?parent=138"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/categories?post=138"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/tags?post=138"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}