Many years ago, someone mentioned at a congress that Apache has an interesting feature: if Apache doesn't know a file extension, it will just take the next one. If someone saves a file called "evil.php.ab", Apache would not know what to do with the extension ".ab". So it just skips this one and uses the next one: the file "evil.php.ab" is treated as "evil.php" and gets executed.
Let's Encrypt has been in the media quite often lately. Let's Encrypt is a very easy-to-use tool that provides certificates for free. Those certificates are valid in most common browsers. I never understood why certificates are expensive, which is why I tried out Let's Encrypt (and I like it!). In this article, I will replace all CAcert certificates on a Kolab server. To do that, I will install the Let's Encrypt certificate on apache2, cyrus-imapd and postfix.
If you upgrade your Debian web servers to the new Debian release "Jessie", you might experience some issues with the config syntax of Apache 2.4.