Configure SSL on Apache with A+ rating

APACHE SSL HTTPS WEBSITE

a2enmod ssl
a2enmod cgi
a2enmod speling
a2enmod rewrite
a2enmod ssl headers

a2disconf apache2-doc


systemctl restart apache2


apt-get install python-certbot-apache
apt-get install certbot
wget https://dl.eff.org/certbot-auto
chmod 755 certbot-auto

mv /etc/pip.conf /etc/pip.conf_OFF

 

mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto
/usr/local/bin/certbot-auto --help

# Get the FREE Let's Encrypt certificate..

./certbot-auto


systemctl restart apache2

 

 

vi /etc/apache2/mods-available/ssl.conf

# intermediate configuration --- THIS GIVES AN A+ RATING AT https://www.ssllabs.com/ssltest
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-#POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

 

FOR ADDITIONAL SECURITY!!!!

vi /etc/apache2/conf-available/security.conf
ServerTokens Prod
ServerSignature Off
TraceEnable Off

vi /etc/php/7.3/apache2/php.ini
;realpath_cache_ttl = 120
realpath_cache_ttl = 300
;upload_tmp_dir =
upload_tmp_dir = /tmp
;post_max_size = 8M
post_max_size = 16M
;upload_max_filesize = 2M
upload_max_filesize = 16M
;error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT

 

What do you think or any questions?

Send us feedback!

Enter the sum of the numbers.

Menu

  If you like my website, feel free to donate via the Paypal button... A small amount for a cup of coffee is enough ;-) Thank you!