Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
obtain_let_s_encrypt_trusted_tls_certificate [23 June 2025 / 18:27:36] – [Standalone Plugin] kadekobtain_let_s_encrypt_trusted_tls_certificate [23 June 2025 / 19:29:39] (current) – [Using webroot Plugin] kadek
Line 1: Line 1:
 ===== Let's Encrypt TLS Certificate ===== ===== Let's Encrypt TLS Certificate =====
  
-SoftEtherVPN server creates a self-signed TLS certificate during the installation process, but we will use Let’s Encrypt certificate. The advantage of using Let’s Encrypt certificate is that it’s free, easier to set up, and trusted by VPN client software.+softEtherVPN server creates a self-signed TLS certificate during the installation process, but we will use Let’s Encrypt certificate. The advantage of using Let’s Encrypt certificate is that it’s free, easier to set up, and trusted by VPN client software.
  
   * Run the following commands to install Let’s Encrypt client (certbot) from the default Ubuntu repository:   * Run the following commands to install Let’s Encrypt client (certbot) from the default Ubuntu repository:
Line 13: Line 13:
 ==== Standalone Plugin ==== ==== Standalone Plugin ====
  
-  * If there’s no Web Server running on your Ubuntu 24.04 server and SoftEther VPN server intended to use port 443, then we can use the standalone plugin to obtain TLS certificate from Let’s Encrypt:+  * If there’s no Web Server running on your Ubuntu 24.04 server and  softEtherVPN server intended to use port 443, then we can use the standalone plugin to obtain TLS certificate from Let’s Encrypt:
  
    sudo certbot certonly --standalone --preferred-challenges http --agree-tos --key-type rsa --email you@yourdomain.com -d vpn.yourdomain.com    sudo certbot certonly --standalone --preferred-challenges http --agree-tos --key-type rsa --email you@yourdomain.com -d vpn.yourdomain.com
Line 23: Line 23:
  
   sudo nano /etc/apache2/sites-available/vpn.example.com.conf   sudo nano /etc/apache2/sites-available/vpn.example.com.conf
 +  sudo ln -s /etc/apache2/sites-available/vpn.example.com.conf /etc/apache2/sites-enable/vpn.example.com.conf
  
   * And paste the following lines into the file:   * And paste the following lines into the file:
  
   <VirtualHost *:80>           <VirtualHost *:80>        
-        ServerName vpn.example.com +      ServerName vpn.example.com 
- +      DocumentRoot /var/www/vpn.example.com 
-        DocumentRoot /var/www/html/+      <Directory /var/www/vpn.example.com> 
 +         Options Indexes FollowSymLinks 
 +         AllowOverride All 
 +         Require all granted 
 +      </Directory>
   </VirtualHost>   </VirtualHost>
  
   * Save and close the file. Then create the web root directory:   * Save and close the file. Then create the web root directory:
  
-  sudo mkdir /var/www/html+  sudo mkdir /var/www/vpn.example.com
  
   * Set www-data (Apache user) as the owner of the web root:   * Set www-data (Apache user) as the owner of the web root:
  
-  sudo chown www-data:www-data /var/www/html -R+  sudo chown -R www-data:www-data /var/www/vpn.example.com
  
   * Enable this virtual host:   * Enable this virtual host: