From 233d127d8d5726897017ada4090e907036589b4c Mon Sep 17 00:00:00 2001 From: mhoellein Date: Tue, 11 Apr 2023 08:28:13 +0200 Subject: [PATCH] committing changes in /etc made by "apt-get upgrade" Package changes: -apache2 2.4.56-1+ubuntu20.04.1+deb.sury.org+1 amd64 -apache2-bin 2.4.56-1+ubuntu20.04.1+deb.sury.org+1 amd64 -apache2-data 2.4.56-1+ubuntu20.04.1+deb.sury.org+1 all -apache2-utils 2.4.56-1+ubuntu20.04.1+deb.sury.org+1 amd64 +apache2 2.4.57-1+ubuntu20.04.1+deb.sury.org+1 amd64 +apache2-bin 2.4.57-1+ubuntu20.04.1+deb.sury.org+1 amd64 +apache2-data 2.4.57-1+ubuntu20.04.1+deb.sury.org+1 all +apache2-utils 2.4.57-1+ubuntu20.04.1+deb.sury.org+1 amd64 --- .etckeeper | 3 ++ apache2/mods-available/ssl.load | 2 +- apache2/sites-available/default-ssl.conf | 29 ------------- letsencrypt/.certbot.lock | 0 letsencrypt/csr/5948_csr-certbot.pem | 26 ++++++++++++ letsencrypt/keys/5948_key-certbot.pem | 52 ++++++++++++++++++++++++ 6 files changed, 82 insertions(+), 30 deletions(-) create mode 100644 letsencrypt/.certbot.lock create mode 100644 letsencrypt/csr/5948_csr-certbot.pem create mode 100644 letsencrypt/keys/5948_key-certbot.pem diff --git a/.etckeeper b/.etckeeper index 585c32e86..94cd1bed0 100755 --- a/.etckeeper +++ b/.etckeeper @@ -1624,6 +1624,7 @@ maybe chmod 0755 'ldap/schema' maybe chmod 0644 'ldap/schema/amavis.schema' maybe chmod 0644 'legal' maybe chmod 0755 'letsencrypt' +maybe chmod 0600 'letsencrypt/.certbot.lock' maybe chmod 0644 'letsencrypt/.updated-options-ssl-apache-conf-digest.txt' maybe chmod 0700 'letsencrypt/accounts' maybe chmod 0700 'letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org' @@ -8431,6 +8432,7 @@ maybe chmod 0644 'letsencrypt/csr/5944_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/5945_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/5946_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/5947_csr-certbot.pem' +maybe chmod 0644 'letsencrypt/csr/5948_csr-certbot.pem' maybe chmod 0700 'letsencrypt/keys' maybe chmod 0600 'letsencrypt/keys/0000_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/0001_key-certbot.pem' @@ -14380,6 +14382,7 @@ maybe chmod 0600 'letsencrypt/keys/5944_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/5945_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/5946_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/5947_key-certbot.pem' +maybe chmod 0600 'letsencrypt/keys/5948_key-certbot.pem' maybe chmod 0700 'letsencrypt/live' maybe chmod 0644 'letsencrypt/live/README' maybe chmod 0755 'letsencrypt/live/collabora.hoellein.online' diff --git a/apache2/mods-available/ssl.load b/apache2/mods-available/ssl.load index 3d2336ae0..a04f74856 100644 --- a/apache2/mods-available/ssl.load +++ b/apache2/mods-available/ssl.load @@ -1,2 +1,2 @@ -# Depends: setenvif mime socache_shmcb +# Depends: mime socache_shmcb LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so diff --git a/apache2/sites-available/default-ssl.conf b/apache2/sites-available/default-ssl.conf index 9de96fa28..a0d837ce4 100644 --- a/apache2/sites-available/default-ssl.conf +++ b/apache2/sites-available/default-ssl.conf @@ -98,33 +98,4 @@ SSLOptions +StdEnvVars - - # SSL Protocol Adjustments: - # The safe and default but still SSL/TLS standard compliant shutdown - # approach is that mod_ssl sends the close notify alert but doesn't wait for - # the close notify alert from client. When you need a different shutdown - # approach you can use one of the following variables: - # o ssl-unclean-shutdown: - # This forces an unclean shutdown when the connection is closed, i.e. no - # SSL close notify alert is send or allowed to received. This violates - # the SSL/TLS standard but is needed for some brain-dead browsers. Use - # this when you receive I/O errors because of the standard approach where - # mod_ssl sends the close notify alert. - # o ssl-accurate-shutdown: - # This forces an accurate shutdown when the connection is closed, i.e. a - # SSL close notify alert is send and mod_ssl waits for the close notify - # alert of the client. This is 100% SSL/TLS standard compliant, but in - # practice often causes hanging connections with brain-dead browsers. Use - # this only for browsers where you know that their SSL implementation - # works correctly. - # Notice: Most problems of broken clients are also related to the HTTP - # keep-alive facility, so you usually additionally want to disable - # keep-alive for those clients, too. Use variable "nokeepalive" for this. - # Similarly, one has to force some clients to use HTTP/1.0 to workaround - # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and - # "force-response-1.0" for this. - # BrowserMatch "MSIE [2-6]" \ - # nokeepalive ssl-unclean-shutdown \ - # downgrade-1.0 force-response-1.0 - diff --git a/letsencrypt/.certbot.lock b/letsencrypt/.certbot.lock new file mode 100644 index 000000000..e69de29bb diff --git a/letsencrypt/csr/5948_csr-certbot.pem b/letsencrypt/csr/5948_csr-certbot.pem new file mode 100644 index 000000000..45bb02e6b --- /dev/null +++ b/letsencrypt/csr/5948_csr-certbot.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEfDCCAmQCAQIwADCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANO4 +UCNVrpbxjlgR4oyPgqHjK1D2w6165dHiTzlJF1jnwizeDCDzCiLqDveEd7m2AlSE +lj5TF7nTuIgrU8QPVf+SeWXaz0BXN8OGDOPYK+JlG1YxzFTUceOve5l9A5peabLr +GUYG7ObyWseDsZerzqIGdeeYZGMq1RSD1VRTGv/1kbSYvkr3vIF+arT9wK/6Rhq/ +ASIxk1oGalqm60aGEjRFut6NnXE6glGPtIl9XPlq+CtmA5EYdTrgVfOuZI0w9YQB +2W5sM6Dg23qa5DohJF310OtGuHs2yBO+dg4eLvk6mluKLXtB2T549dpAPrrCEloZ ++hgIP30mGqtu3HYZ+vDLeJrTKbSE7vqjWBZFSE0wmE4mBXg/OGSPVZGHXMZRvkyd +rlCFaXbbHPtHeQpWatzPhhU+CfuXyWHO71X1cs/0C1p+zsruzQqtPoy1F6ijVKqs +YYtrVWIx3EA8azwWtuObVDBMbc9N9fWXechfQGJyCAH44vyrtwuFAP8Wcq+S7g1A +sPksurJjIVo6Qr+TIW8FKCNPKd0XgbgqOzrPFBhE00wcTl5Ex5c9y+WMf1v3q+Sw +VOBw/ZmNXQy4iqSxkxHbFKshKaOD8/vg0uSKigDVmH6JGYQaUT1jWWMTLd479uIg +mUk3zaiIKKCU+NBeHLuqYElCChAVAh0mqZYusvORAgMBAAGgNzA1BgkqhkiG9w0B +CQ4xKDAmMCQGA1UdEQQdMBuCGWNvbGxhYm9yYS5ob2VsbGVpbi5vbmxpbmUwDQYJ +KoZIhvcNAQELBQADggIBAA2vNp0sq3rRJ12GEO6cqg3rWuhcyiZrr6hTeQHRYYrk +1fMVyKbjn1BUZvf1q+0kPHtioFApG3+CCA9PoNzl5FsxKsunkhyxyk8oZ02O6YOw +oGGqtqh8ulnQx2d6YD9atcp64T3yC/BduZsC2Ty+zSmxAgkSB9rsb6mk3McHyH7B +DinrKw9o0dTbhtlissJ9gaH/LnBEqeonEmyoXoylkPhhbcy4c0jxU0P1jS06YuRB +w0Q8iy1uCnLIX6XV12+PxdQIdFJFUR55F7681ZmduaIXA+/eGQMXLYPI81UdrOcQ +IOuSST/+hmTlaOVpTS0BdopRmbCP7Ge3mpXk/WmHDAtNd49YRMzgaTfQ0k8kqIrn +CY2DcJ1RjztxZErBckWw0EKZEDdL8LLgpGt1TKlZ6rF7YCfqaqE0Or+UYZKB+ZIl +OTLp6PHZQAq7xSWbXzL0Z9XXF6RrWE+GF/nisg/9AxEu32t6JTBK3OoEVaarouO6 +qaACk1ZxYjUYqtQfpczJ/Lb2Ka8YsaP+oeqZduuMhv6fUmNaSe7e+LRSOdlRHkDv +7ejq90iVGzhiMCI8pDksYvSBobJ8EcB4Tz/ve4vv7q366Bq8hleqbYnmfs5ElJ0G +NpV7no0MMDBcQxybhaK8IoYf/xWEP3m2crzWqp2cnm+wJVwojgHALrMCm7zWQqOb +-----END CERTIFICATE REQUEST----- diff --git a/letsencrypt/keys/5948_key-certbot.pem b/letsencrypt/keys/5948_key-certbot.pem new file mode 100644 index 000000000..bf3563baf --- /dev/null +++ b/letsencrypt/keys/5948_key-certbot.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDTuFAjVa6W8Y5Y +EeKMj4Kh4ytQ9sOteuXR4k85SRdY58Is3gwg8woi6g73hHe5tgJUhJY+Uxe507iI +K1PED1X/knll2s9AVzfDhgzj2CviZRtWMcxU1HHjr3uZfQOaXmmy6xlGBuzm8lrH +g7GXq86iBnXnmGRjKtUUg9VUUxr/9ZG0mL5K97yBfmq0/cCv+kYavwEiMZNaBmpa +putGhhI0RbrejZ1xOoJRj7SJfVz5avgrZgORGHU64FXzrmSNMPWEAdlubDOg4Nt6 +muQ6ISRd9dDrRrh7NsgTvnYOHi75Oppbii17Qdk+ePXaQD66whJaGfoYCD99Jhqr +btx2Gfrwy3ia0ym0hO76o1gWRUhNMJhOJgV4Pzhkj1WRh1zGUb5Mna5QhWl22xz7 +R3kKVmrcz4YVPgn7l8lhzu9V9XLP9Atafs7K7s0KrT6MtReoo1SqrGGLa1ViMdxA +PGs8Frbjm1QwTG3PTfX1l3nIX0BicggB+OL8q7cLhQD/FnKvku4NQLD5LLqyYyFa +OkK/kyFvBSgjTyndF4G4Kjs6zxQYRNNMHE5eRMeXPcvljH9b96vksFTgcP2ZjV0M +uIqksZMR2xSrISmjg/P74NLkiooA1Zh+iRmEGlE9Y1ljEy3eO/biIJlJN82oiCig +lPjQXhy7qmBJQgoQFQIdJqmWLrLzkQIDAQABAoICAQCGyN3rwM5nNdzC4I/zoCEv +4qle39nvBUBt/78j3w5IATMy0SGzkEYxuARTOzflOKP/HnFvuAJwwQLHXZ30QTck +fyFd4JD0ixHrHdny61n0xR1EIGvOzXi71KnBKz8x9U0hJF5woFQNKtj0DzjuL+ha +afaBvBicsVX5u3wCNO4JaVKbQGpU26ZcYhiYpLsYzSH4QQT9ucXvGAp5L660tQG9 +2W5/5HQI85CnT+9FYFPiTWE0b7txkbqAAvV1Lt7ArByBL5Q2ohe0IbJYOWd2Qkce +sjGQtvMXLebt+uC5WCnbbJ18DVmrEF63UNZjXWcSCh8Y0VTQG+AfUjTEUs1zOlLv +9IiW3c23w/fk764APIc6QWYbZEXpywhjXY5+UhVC9DRVYD1h3v30csH+lJjz0l4m +LS6TMkAgCNThj9o5BcVoJxBVX2Cn37QOoTtTXAaJKTuVuYMi7wc4e6WCehewKQZd +hUaeTW7wDkHle8KLJEx9/CE4JKbCj5JvSO8pCsP2DPX/ksKVkGWiDlukPTbWUJLt +Zj2fu9pw5E05KMIsHOPZEWc3ne5Cfuq63W2UhFx+tusp50z0HirT6IjJqQqwpoHL +2D5f3b4fCTAKzY4RqNuNg+3u4gotHcS8+f9oSEhMmfkCW5PggoW2Ehm5LbgKILQz +km4LJRG7gTxe1J+Iz99ryQKCAQEA6wsKhnqgEir40PljErXhjhzLesaIIlqDn5Vk +lVD0o00zUzVU3LbTqCT4P2UhFx/U/MT6xEv5anof+CsJfLkBAOYb+xFpTGEEMdwF +Qna5yGXz9mylirb9YkVtCycSAGOVgSbakW1qS7rpZG+ecgXKFa+V3U/qD1jzs0uZ +2ow6CO34LiKbRBZKIOz0vnzpqCWZjI5taR2ppPP3TorTcMazgvP0qWRMfDoiMiQR +dBH7ViGFdI0kQTKS3vssZTIRAdoi1i1D1rApnxNLEUNaSH6QKud4qsFqoXKtsxwo +jLIn+ICAl78yZkRG/essh86Y3VhlNDm5DqlLKkNB24WCZl2t4wKCAQEA5pjpN8gX +nceyAlvafQDMszThxbU5d5pCVl4WrlunBBcjM/MJZqcOcwyFnHIOm0HlppJSRRnM +kX17dlySqm+TzBsw5REEg7saJUZM8LVxrEh81Ke37l/V7RcjG7Qw9HoRa78KFl54 ++s57QqlSfePVHTZd3G5ZK8sJNRtMwJzPx44M5RanhUuhh9xX4ZWioDRhzZmpX1cQ +6Qxv/N0UZ7cHVmIBIow2fj1pBK65vHT3kHWEcD+uqy3i8AgbiZ8g+bfQlchE/aQ2 +tfGv4W9q5enf7NoEh/UF3+QnEVF5pyJ6nxK1TDECUoLJl8oN/bg51H6oRem15H14 +HV34msHrXPqS+wKCAQAFkO1e4eiIhZv+1ukRuFzvEJ+A+NKgfaRAUzlej9w7QcjF +X63yzCGXCckXNz3hXk+c7M1DeMkfTGUVa29+FKOBcfGXsIHd3S5MP/mf6U/c/w0X ++NqyvkKh4SMD8JjsiW8w78qdRwoNYQ/F4R7PdHOkr9PMuefBFUowJMov8sItE/Wc +ohUrN5vpy7LAEBU4dit8uKK+qoUp8t0YbxEyyoHVyBEzMbzd9EJ7DX+cUBCzqXeP +mwgQwzHXNfuHKfhdIt1QVSIWI3XY3owYjI/Gx7iCS5j/8jSkPiL+6tvK+S0ZJXHm +JhD7ewJzYO5dCPd1xnIfGn7XagrtpUoZ+L9tzSohAoIBAQDQNzIelCX+6dnqF1Zp +mNc82XsjMkf5nuhXZA3G0is0nk/DEKhkcGOzrpLWeIaH2jCq/2QZ0PnORSe98Eje +bHFf0w2LSJpy9/bbwWan0q4ZijptKiQCsbZQppuk4Edz+OTSDWXmXNeQX/EceBds +ZNSB1B1cdKc/y808jrH3GaDj53ftQ09wJKJuMp+Hqb12OtY095Lf65XxWLGl+Vn7 +bGDLtyKfN0vdIUY6XCqJ6HPBlNtJH7dwCbboVenHklAMK9XD6VmiTSy5jMnrHNfB +UjRHgXSl7rCnQTOlh5P5PkDKcfISIg6ewkmVLXUEq9xL6zG2Lxl2f3R9z+QymPcU +tY0RAoIBAQCITos+l8xpVeNRfDZEPjxex/ms84+K+g0fwwRKmd1T9Rrj4e7n7Zh+ +KzNlHPKh8Y7FYBl1s1e9MZLPNSh9ixdXw1elSS8/gGJ77CnmqQh8PVZF5Q1zfyxu +WOi2vCGOAG6ANKwg1JIzqb7cY9nk/Z6snYxzAYlNDrrc/LnQL2mz3q/J6YbC6/Oe +IpfBfhGfLYeaCsL1S+X7okZjDf4jPZEhV8nzld3Sc1rKBd+hLio1grBOISR6J2Ss +ZfNgdeF50pEq0yxAAL5L2emfh3geGWr44C7kRBjezvX6XoYwYzYWSUO3jNkSteo9 +hnoWC2lpXgRSfkRe2hfP6tc0/T/ajP2E +-----END PRIVATE KEY----- -- 2.43.0