Sunday, Debtember 04, 2022
Late to the party
I've been blogging for 23 years as of today.
This is also the first day this blog is being served up via https:.
All I had to do was just install the latest version of Apache on my server.
It took several days,
but I got the latest version of Apache compiled and installed on my server.
Yes,
I did it the hard way.
What better way of knowing how things work than doing it the hard way.
I then spent Saturday updating the configuration.
There were a few changes,
like NameVirtualHost being deprecated,
and having to add “Protocols h2 h2c http/1.1” and “Require all granted”.
Once that was done and the new server was up and running,
then I dove into the whole “Encrypt All The Things!” rabbit hole
(I know, I know, 2015 called and said I was late to the party).
A recent post of mine made it to The Orange Site and fully half of the comments were about the disturbing lack of faith TLS I had.
Of course.
Fortunately,
Apache has a module to handle certificates from Let's Encrypt
(or other places that support the “certificate update dance” protocol).
Unfortunately,
there are subtleties not mentioned in the documentation.
Like the MDCACertificateFile directive
(which I need for my setup—don't ask)
not being documented.
Or the fact that if you make any type of mistake
(like using the wrong domain name because you cut-n-paste the configuration from one host into another and forgot to make the domain name change,
or using “SSLEngine on” in the wrong place,
or forgetting to add acme-tls/1 to the Protocols directive)
everything goes pear shaped and Let's Encrypt will rate limit and … ugh.
I'm just lucky I have a few domains to practice on before enabling it for my main sites.
But I was able to finish in time for the 23rd anniversary of my blog and get that stupid little lock on my site.
You're welcome.
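
A pre-flight check for two of the mistakes listed above (an MDomain name that matches no virtual host after a copy-paste, and acme-tls/1 missing from Protocols), as an added example that is not from the original post. It assumes a single flat config file and that the tls-alpn-01 challenge is in use; the function name and the hostnames in the sample are constructed.

```python
import re

# Constructed sample, not the author's configuration: one MDomain was left with
# the wrong name after a copy-paste, and one vhost lacks acme-tls/1.
SAMPLE = """\
MDomain blog.example.org
MDomain www.example.net
<VirtualHost *:443>
    ServerName www.example.net
    Protocols h2 http/1.1
</VirtualHost>
<VirtualHost *:443>
    ServerName blog.example.com
    Protocols h2 http/1.1 acme-tls/1
</VirtualHost>
"""

def lint(conf):
    """Return a list of problems found in a flat Apache config string."""
    managed, vhosts, cur, global_protos = set(), [], None, []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            cur = {"addr": m.group(1).strip(), "names": set(), "protos": None}
        elif line.lower() == "</virtualhost>":
            vhosts.append(cur)
            cur = None
        else:
            name, *args = line.lower().split()
            if name == "mdomain":  # "auto"/"manual" are options, not names
                managed |= set(args) - {"auto", "manual"}
            elif name in ("servername", "serveralias") and cur is not None:
                cur["names"] |= set(args)
            elif name == "protocols":
                if cur is not None:
                    cur["protos"] = args  # vhost setting replaces the global one
                else:
                    global_protos = args
    served = set().union(*(v["names"] for v in vhosts))
    problems = [f"MDomain {d} matches no ServerName/ServerAlias"
                for d in sorted(managed - served)]
    for v in vhosts:
        protos = global_protos if v["protos"] is None else v["protos"]
        if v["names"] & managed and v["addr"].endswith(":443") and "acme-tls/1" not in protos:
            problems.append(f"vhost {sorted(v['names'])[0]}: Protocols lacks acme-tls/1")
    return problems
```

Running a check like this before each reload catches the mismatch locally instead of spending a Let's Encrypt attempt on it.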