Posted to users@httpd.apache.org by David Mehler <da...@gmail.com> on 2017/10/02 03:05:04 UTC

[users@httpd] issue with apache and virtual hosts and acme-client letsencrypt certificates

Hello,

I'm running a FreeBSD system with Apache on it, and using that
to validate and put into place Let's Encrypt certificates for several
domains.

I thought I had auto-updating working; it turns out I didn't, but I've
also got a configuration problem with Apache that is preventing
certificate validation.

If I use:

acme-client -v -C /usr/local/www/.well-known/acme-challenge -mbnN domain.com webmail.domain.com

/usr/local/www/.well-known/acme-challenge is where challenges are
stored. The validation works only if I have this line commented out:

Redirect / https://www.domain.com/

If the above is uncommented, validation fails. My goal is an all-SSL
site except for the ACME validations, so if a user types in domain.com
or www.domain.com they get redirected to HTTPS. But if a request comes
in for host/.well-known/acme-challenge, redirection to the HTTP site
should occur for certificate validation.

Here's a virtual host config:

<VirtualHost *:80>
    ServerAdmin webmaster@domain.com
    DocumentRoot "/usr/vhosts/domain.com/htdocs/"
    ServerName www.domain.com
    ServerAlias domain.com www.domain.com mail.domain.com

    ErrorDocument 404 /errordocs/error404.htm
    # share well-known for renewal via Let's Encrypt!
    Alias /.well-known/acme-challenge /usr/local/www/.well-known/acme-challenge

    # Anything that isn't going to domain.com/.well-known gets
    # forwarded to the https site
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/.well-known
    Redirect / https://www.domain.com/

    ErrorLog "/usr/vhosts/domain.com/logs/error.log"

    # for acme challenges
    <Directory "/usr/local/www/.well-known/acme-challenge">
        Options None
        AllowOverride None
        Require all granted
        Header add Content-Type text/plain
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin webmaster@domain.com
    DocumentRoot "/usr/vhosts/domain.com/htdocs/"
    ServerName www.domain.com

    SSLEngine on
    SSLCertificateFile "/usr/local/etc/ssl/acme/domain.com/cert.pem"
    SSLCertificateKeyFile "/usr/local/etc/ssl/acme/private/domain.com/privkey.pem"
    SSLCertificateChainFile "/usr/local/etc/ssl/acme/domain.com/chain.pem"

    <Directory "/usr/vhosts/domain.com/htdocs/">
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    <IfModule mod_log_config.c>
        CustomLog "|/usr/local/sbin/rotatelogs -l /usr/vhosts/domain.com/logs/access.log-%Y-%m-%d.log 86400" combined
    </IfModule>

    # Disc cache setup
    CacheQuickHandler off
    CacheLock on
    CacheLockPath /tmp/mod_cache-lock
    CacheLockMaxAge 5
    CacheIgnoreHeaders Set-Cookie
    <Location />
        CacheEnable disk
        CacheHeader on
        CacheDefaultExpire 600
        CacheMaxExpire 86400
        CacheLastModifiedFactor 0.5
        ExpiresActive on
        ExpiresDefault "access plus 5 minutes"
        Header merge Cache-Control public
        FileETag All
    </Location>
</VirtualHost>


Suggestions welcome.

Thanks.
Dave.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
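Editor's note, with an added example that is not part of David's post and not taken from acme-client or httpd documentation. The reason the challenge fails with the redirect in place is that `Redirect` belongs to mod_alias and is unconditional: a `RewriteCond` only guards the `RewriteRule` that immediately follows it, so the condition on the line above `Redirect` never applies and every request, challenge included, is sent to HTTPS, where the :443 vhost has no Alias for the challenge directory and answers 404. The version below replaces the `Redirect` with a `RewriteRule` that the condition actually controls, escapes the dot in the pattern (an unescaped `.` matches any character), restricts the exemption to the challenge prefix rather than all of `/.well-known`, and adds `webmail.domain.com` to the aliases because the acme-client command in the post requests a certificate for that name and the challenge for it must land in a vhost that serves the challenge directory. Host names and paths are the ones from the post; the `fullchain.pem` file name, the `ForceType` directive, the 301 status and the commented-out HSTS line are my choices.

```apacheconf
# Added example (not from the original post): plain-HTTP vhost that serves
# ACME HTTP-01 challenges and redirects everything else to HTTPS.
<VirtualHost *:80>
    ServerAdmin webmaster@domain.com
    ServerName www.domain.com
    # webmail.domain.com added: the acme-client invocation asks for it, so its
    # challenge must be answered by a vhost that maps the challenge directory.
    ServerAlias domain.com mail.domain.com webmail.domain.com
    DocumentRoot "/usr/vhosts/domain.com/htdocs/"
    ErrorLog "/usr/vhosts/domain.com/logs/error.log"

    # Directory given to acme-client -C; tokens are written here.
    Alias /.well-known/acme-challenge/ /usr/local/www/.well-known/acme-challenge/
    <Directory "/usr/local/www/.well-known/acme-challenge">
        Options None
        AllowOverride None
        Require all granted
        # Token files have no extension. ForceType sets their type directly;
        # "Header add Content-Type" would append a second Content-Type header
        # if one were already present. (Assumption: text/plain is what you want;
        # Let's Encrypt does not require a particular type.)
        ForceType text/plain
    </Directory>

    # Do NOT use mod_alias "Redirect" here: it ignores RewriteCond.
    # A RewriteCond applies only to the RewriteRule directly after it.
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    # Use R=302 while testing; browsers cache a 301 permanently.
    RewriteRule ^ https://www.domain.com%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin webmaster@domain.com
    ServerName www.domain.com
    # So https://domain.com/ is served by this vhost (cert must list the name).
    ServerAlias domain.com
    DocumentRoot "/usr/vhosts/domain.com/htdocs/"
    ErrorLog "/usr/vhosts/domain.com/logs/error.log"

    SSLEngine on
    # Assumption: acme-client also wrote fullchain.pem (leaf + chain) next to
    # cert.pem. httpd 2.4.8+ reads the intermediates from SSLCertificateFile
    # and deprecates SSLCertificateChainFile; on older httpd keep
    #   SSLCertificateFile      .../cert.pem
    #   SSLCertificateChainFile .../chain.pem
    SSLCertificateFile    "/usr/local/etc/ssl/acme/domain.com/fullchain.pem"
    SSLCertificateKeyFile "/usr/local/etc/ssl/acme/private/domain.com/privkey.pem"

    # Optional once the redirect is verified to work: tell browsers to stay on
    # HTTPS for a year so the plain-HTTP hop is skipped on later visits.
    # Header always set Strict-Transport-Security "max-age=31536000"

    <Directory "/usr/vhosts/domain.com/htdocs/">
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
```

To check the result without waiting for a real renewal, create a probe file in the challenge directory and fetch `http://domain.com/.well-known/acme-challenge/probe` with `curl -I`: it should return 200 with no Location header, while `curl -I http://domain.com/` should return the redirect to `https://www.domain.com/`. Repeat the probe with `-H 'Host: webmail.domain.com'` for each name passed to acme-client, since each name is validated separately. Two further points on the original :443 block: the disk-cache `<Location />` section applies `Header merge Cache-Control public` to every response, so if anything user-specific is ever served from that vhost it should be excluded (for example by moving the cache directives to a `<Location>` covering only static content); and whatever reloads httpd after acme-client writes new files (for example `service apache24 reload` from the renewal cron job) is also needed, because httpd reads the certificate only at start or reload.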