Configure SSL on Apache with A+ rating

APACHE SSL HTTPS WEBSITE

a2enmod ssl
a2enmod cgi
a2enmod speling
a2enmod rewrite
a2enmod ssl headers

a2disconf apache2-doc


systemctl restart apache2


apt-get install python-certbot-apache
apt-get install certbot
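# NOTE: certbot-auto has since been deprecated by EFF and no longer receives updates; the certbot packages installed above are the maintained route.
# If it is used anyway, check the downloaded script against EFF's published signature before running it as root.
wget https://dl.eff.org/certbot-auto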
chmod 755 certbot-auto

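# Presumably moves a site-wide pip configuration aside so that certbot-auto's own pip bootstrap is not affected by it; restore it afterwards if other tooling relies on it.
mv /etc/pip.conf /etc/pip.conf_OFF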

 

mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto
/usr/local/bin/certbot-auto --help

# Get the FREE Let's Encrypt certificate..

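# certbot-auto was moved to /usr/local/bin above, so it is no longer in the current directory.
/usr/local/bin/certbot-auto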


systemctl restart apache2

 

 

vi /etc/apache2/mods-available/ssl.conf

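# intermediate configuration --- THIS GIVES AN A+ RATING AT https://www.ssllabs.com/ssltest
# NOTE: the A+ grade also depends on the HTTPS virtual host sending an HSTS header with a long max-age (mod_headers is enabled above), e.g.:
#   Header always set Strict-Transport-Security "max-age=63072000"
# The directives below on their own normally score A. Enable HSTS only once everything on the host name is reachable over HTTPS.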
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

 

FOR ADDITIONAL SECURITY!!!!

vi /etc/apache2/conf-available/security.conf
ServerTokens Prod
ServerSignature Off
TraceEnable Off

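# NOTE: the php.ini changes below are functional tuning (realpath cache TTL, upload limits, error reporting) rather than hardening; the larger limits raise the request size PHP will accept.
vi /etc/php/7.3/apache2/php.ini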
;realpath_cache_ttl = 120
realpath_cache_ttl = 300
;upload_tmp_dir =
upload_tmp_dir = /tmp
;post_max_size = 8M
post_max_size = 16M
;upload_max_filesize = 2M
upload_max_filesize = 16M
;error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT