Posted to users@tomcat.apache.org by "James H. H. Lampert" <ja...@touchtonecorp.com> on 2020/11/05 17:07:19 UTC
Re: Something I still don't quite understand, Re: Let's Encrypt with
Tomcat behind httpd
On 8/24/20 9:57 AM, Christopher Schultz wrote:
> So your RewriteCond[ition] is expected to always be true? Okay. Maybe
> remove it, then? BTW I think your rewrite will strip query strings and
> stuff like that. Maybe you just want RedirectPermanent instead of
> Rewrite(Cond|Rule)?
Ladies and Gentlemen:
This past Friday, the cached challenge result expired, and so this past
Monday, I ran another certbot test.
With the rewrite in place for our "subdomain of interest," the cert
covering everything else served by the httpd server renewed without
incident, but the separate cert covering this subdomain failed completely.
I commented out the rewrite, and ran the test again, and both renewed
without incident.
I posted a redacted version of the complete VirtualHost blocks back on
August 24th. And after I'd run my tests this week, I've also posted it
to ServerFault, at
https://serverfault.com/q/1041047/498231
I'm intrigued by Mr. Schultz's suggestion of
> Maybe you just want RedirectPermanent instead of
> Rewrite(Cond|Rule)?
Would that make a difference? Or is it just a matter of altering the
RewriteCond clause to specifically ignore anything that looks like a
Let's Encrypt challenge? Or is there something I can put on the default
landing page for the subdomain, rather than in the VirtualHost, to cause
the redirection?
As I recall (unless there's a way to force-expire the cached challenge
result on a certbot call), I have to wait until December to run another
test.
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Something I still don't quite understand, Re: Let's Encrypt with
Tomcat behind httpd
Posted by Patrick Baldwin <pb...@myersinfosys.com>.
Dr it really does not work
On Thu, Nov 5, 2020, 12:07 PM James H. H. Lampert <ja...@touchtonecorp.com>
wrote:
> On 8/24/20 9:57 AM, Christopher Schultz wrote:
>
> > So your RewriteCond[ition] is expected to always be true? Okay. Maybe
> > remove it, then? BTW I think your rewrite will strip query strings and
> > stuff like that. Maybe you just want RedirectPermanent instead of
> > Rewrite(Cond|Rule)?
>
> Ladies and Gentlemen:
>
> This past Friday, the cached challenge result expired, and so this past
> Monday, I ran another certbot test.
>
> With the rewrite in place for our "subdomain of interest," the cert
> covering everything else served by the httpd server renewed without
> incident, but the separate cert covering this subdomain failed completely.
>
> I commented out the rewrite, and ran the test again, and both renewed
> without incident.
>
> I posted a redacted version of the complete VirtualHost blocks back on
> August 24th. And after I'd run my tests this week, I've also posted it
> to ServerFault, at
> https://serverfault.com/q/1041047/498231
>
> I'm intrigued by Mr. Schultz's suggestion of
>
> > Maybe you just want RedirectPermanent instead of
> > Rewrite(Cond|Rule)?
>
> Would that make a difference? Or is it just a matter of altering the
> RewriteCond clause to specifically ignore anything that looks like a
> Let's Encrypt challenge? Or is there something I can put on the default
> landing page for the subdomain, rather than in the VirtualHost, to cause
> the redirection?
>
> As I recall (unless there's a way to force-expire the cached challenge
> result on a certbot call), I have to wait until December to run another
> test.
>
> --
> JHHL
Re: Something I still don't quite understand, Re: Let's Encrypt with
Tomcat behind httpd
Posted by Christopher Schultz <ch...@christopherschultz.net>.
James,
On 11/5/20 12:07, James H. H. Lampert wrote:
> I'm intrigued by Mr. Schultz's suggestion of
>
>> Maybe you just want RedirectPermanent instead of
>> Rewrite(Cond|Rule)?
>
> Would that make a difference? Or is it just a matter of altering the
> RewriteCond clause to specifically ignore anything that looks like a
> Let's Encrypt challenge? Or is there something I can put on the default
> landing page for the subdomain, rather than in the VirtualHost, to cause
> the redirection?
I'm just thinking that Redirect[*] is a simpler configuration than
Rewrite(Cond|Rule).
> As I recall (unless there's a way to force-expire the cached challenge
> result on a certbot call), I have to wait until December to run another
> test.
You can delete all your stuff, but LE will get upset if you make
requests too frequently. There is a way to ask LE to let you "test"
stuff and they will lower the frequency limits. I have forgotten how to
do that, but it might be a good idea to look into it since you really
are testing things at this point.
-chris
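
Added example (not part of the original thread, and not the poster's actual configuration): one way to keep a redirect in the port-80 VirtualHost while exempting Let's Encrypt HTTP-01 challenge requests, which is the RewriteCond change asked about above. The hostname, DocumentRoot and redirect target are placeholders, and it assumes certbot writes its challenge files under that DocumentRoot (webroot authenticator).

```apache
# Constructed example: sub.example.com, /var/www/sub and the redirect
# target are placeholders, not values from the thread.
<VirtualHost *:80>
    ServerName sub.example.com

    # Assumption: certbot's webroot authenticator writes challenge tokens to
    # /var/www/sub/.well-known/acme-challenge/
    DocumentRoot /var/www/sub

    RewriteEngine On

    # Skip the redirect for ACME HTTP-01 validation requests so the token
    # file is served directly from the DocumentRoot over plain HTTP.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/

    # Everything else is redirected. $1 carries the request path across;
    # the query string is passed through unchanged because the
    # substitution contains no "?".
    RewriteRule ^/?(.*)$ https://sub.example.com/$1 [R=301,L]

    # mod_alias alternative to the two Rewrite lines above (use one or the
    # other, not both): the negative lookahead excludes the challenge path.
    # RedirectMatch permanent "^/(?!\.well-known/acme-challenge/)(.*)$" "https://sub.example.com/$1"
</VirtualHost>
```

With this in place, a plain-HTTP request for a test file placed under /.well-known/acme-challenge/ should return the file itself rather than a 301, while any other path is still redirected.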