Editing Home systems (section)

== SSL certificates ==

linux1 server cert locations:

 ls /etc/ssl/certs/

nextcloud server cert locations, most recent and actual locations

 sudo ls -l /var/snap/nextcloud/current/certs/certbot/config/live/msgsb.com
 lrwxrwxrwx 1 root root  34 Apr  6 08:50 cert.pem -> ../../archive/msgsb.com/cert17.pem
 lrwxrwxrwx 1 root root  35 Apr  6 08:50 chain.pem -> ../../archive/msgsb.com/chain17.pem
 lrwxrwxrwx 1 root root  39 Apr  6 08:50 fullchain.pem -> ../../archive/msgsb.com/fullchain17.pem
 lrwxrwxrwx 1 root root  37 Apr  6 08:50 privkey.pem -> ../../archive/msgsb.com/privkey17.pem
 -rw-r--r-- 1 root root 692 Mar 24  2022 README

 sudo ls -lt /var/snap/nextcloud/current/certs/certbot/config/archive/msgsb.com/ | head
 -rw-r--r-- 1 root root 3968 Apr  6 08:50 fullchain17.pem
 -rw-r--r-- 1 root root 2167 Apr  6 08:50 cert17.pem
 -rw-r--r-- 1 root root 1801 Apr  6 08:50 chain17.pem
 -rw------- 1 root root 3272 Apr  6 08:50 privkey17.pem
 -rw-r--r-- 1 root root 3903 Jan 10 08:08 fullchain16.pem
 -rw-r--r-- 1 root root 2102 Jan 10 08:08 cert16.pem
 -rw-r--r-- 1 root root 1801 Jan 10 08:08 chain16.pem
 -rw------- 1 root root 3272 Jan 10 08:08 privkey16.pem
 -rw-r--r-- 1 root root 3903 Oct 19 08:40 fullchain15.pem

Directions from the web:

To mirror a web certificate across two Linux servers, you'll need to copy the certificate files (certificate and private key) and potentially a CA bundle to the second server, ensuring proper permissions and configuration.
 
Here's a more detailed breakdown:

1. Identify Certificate and Key Locations:
Locate the certificate file (e.g., *.crt) and the private key file (e.g., *.key): on the server where the certificate is currently installed. Common locations include /etc/ssl/certs/, /etc/letsencrypt/live/, or a path configured by your web server (e.g., Apache, Nginx). 
If you have a CA bundle, locate that as well: (e.g., ca-bundle.crt or similar). 

2. Copy the Files:
Use a secure method to copy the files: (e.g., scp, rsync) from the source server to the target server.
Example using scp: scp -r /path/to/certificate /path/to/private_key /path/to/ca_bundle_if_exists user@target_server:/path/to/destination/.
Ensure the files are copied to a location accessible by your web server: on the target server. 

3. Configure Permissions:
Set appropriate permissions on the copied files and directories .
The web server user should have read access to the certificate and CA bundle (if applicable).
The private key should have restricted access, ideally only readable by the web server user.
Example command to change ownership: sudo chown web_server_user:web_server_group /path/to/certificate /path/to/private_key /path/to/ca_bundle_if_exists. 

4. Update Web Server Configuration:
Modify your web server configuration (e.g., Apache, Nginx) to point to the new certificate and key locations: on the target server.
Restart the web server: for the changes to take effect. 

5. Optional: Concatenate Certificates (if needed):
If you have multiple certificate files (e.g., the main certificate and an intermediate certificate), you might need to concatenate them into a single file (e.g., ssl-bundle.crt).

Use a command like: cat /path/to/your_certificate.crt /path/to/intermediate_certificate.crt > /path/to/ssl-bundle.crt. 

Example (using Nginx):

1. Locate files:
Assume your certificate is at /etc/nginx/ssl/your_domain.crt, and your private key is at /etc/nginx/ssl/your_domain.key.

2. Copy files:
scp -r /etc/nginx/ssl/your_domain.crt /etc/nginx/ssl/your_domain.key user@target_server:/etc/nginx/ssl/.

3. Configure Nginx:
In your Nginx configuration file (e.g., /etc/nginx/sites-available/your_domain), update the ssl_certificate and ssl_certificate_key directives to point to the new locations on the target server. 

Code

 ssl_certificate /etc/nginx/ssl/your_domain.crt;
 ssl_certificate_key /etc/nginx/ssl/your_domain.key;

Restart Nginx: sudo systemctl restart nginx. 


[[Main_Page]] Main