Posted to users@httpd.apache.org by David Mehler <da...@gmail.com> on 2017/10/02 03:05:04 UTC
[users@httpd] issue with apache and virtual hosts and acme-client letsencrypt certificates
Hello,

I'm running a FreeBSD system that I'm running apache on and using that
to validate and put into place letsencrypt certificates for several
domains.

I thought I had auto-updating working, turns out I didn't, but also
I've got a configuration problem with apache that is preventing
certificate validation.

If I use:

    acme-client -v -C /usr/local/www/.well-known/acme-challenge -mbnN domain.com webmail.domain.com

/usr/local/www/.well-known/acme-challenge is where challenges are
stored, the validation works only if I have this line commented out:

    Redirect / https://www.domain.com/

if the above is uncommented validation fails. My goal is an all-ssl
site except for the acme validations, so if a user types in domain.com
or www.domain.com they get redirected to https. But if a request comes
in with the domain host/.well-known/acme-challenge redirection to the
http site occurs for certificate validation.

Here's a virtual host config:
<VirtualHost *:80>
    ServerAdmin webmaster@domain.com
    DocumentRoot "/usr/vhosts/domain.com/htdocs/"
    ServerName www.domain.com
    ServerAlias domain.com www.domain.com mail.domain.com
    ErrorDocument 404 /errordocs/error404.htm
    # share well-known for renewal via Let's Encrypt!
    Alias /.well-known/acme-challenge /usr/local/www/.well-known/acme-challenge
    # Anything that isn't going to domain.com/.well-known gets forwarded to the https site
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/.well-known
    Redirect / https://www.domain.com/
    ErrorLog "/usr/vhosts/domain.com/logs/error.log"
    # for acme challenges
    <Directory "/usr/local/www/.well-known/acme-challenge">
        Options None
        AllowOverride None
        Require all granted
        Header add Content-Type text/plain
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    ServerAdmin webmaster@domain.com
    DocumentRoot "/usr/vhosts/domain.com/htdocs/"
    ServerName www.domain.com
    SSLEngine on
    SSLCertificateFile "/usr/local/etc/ssl/acme/domain.com/cert.pem"
    SSLCertificateKeyFile "/usr/local/etc/ssl/acme/private/domain.com/privkey.pem"
    SSLCertificateChainFile "/usr/local/etc/ssl/acme/domain.com/chain.pem"
    <Directory "/usr/vhosts/domain.com/htdocs/">
        Options FollowSymLinks
        AllowOverRide None
        Require all granted
    </Directory>
    <IfModule mod_log_config.c>
        CustomLog "|/usr/local/sbin/rotatelogs -l /usr/vhosts/domain.com/logs/access.log-%Y-%m-%d.log 86400" combined
    </IfModule>
    # Disc cache setup
    CacheQuickHandler off
    CacheLock on
    CacheLockPath /tmp/mod_cache-lock
    CacheLockMaxAge 5
    CacheIgnoreHeaders Set-Cookie
    <Location />
        CacheEnable disk
        CacheHeader on
        CacheDefaultExpire 600
        CacheMaxExpire 86400
        CacheLastModifiedFactor 0.5
        ExpiresActive on
        ExpiresDefault "access plus 5 minutes"
        Header merge Cache-Control public
        FileETag All
    </Location>
</VirtualHost>
Suggestions welcome.
Thanks.
Dave.
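
Added example, not part of the original post: in the posted port-80 virtual host, RewriteCond only constrains a RewriteRule that follows it, so it has no effect on mod_alias's "Redirect /", which matches every path including the challenge URLs. One way to get the stated goal is to do the redirect in mod_rewrite as well; the host names and paths below are the ones from the post, and the 301 status is an assumption.

```apache
<VirtualHost *:80>
    ServerName www.domain.com
    ServerAlias domain.com mail.domain.com

    # Serve ACME HTTP-01 challenge files over plain HTTP from the shared directory.
    Alias /.well-known/acme-challenge /usr/local/www/.well-known/acme-challenge
    <Directory "/usr/local/www/.well-known/acme-challenge">
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # Before (from the post): mod_alias Redirect matches every path under /.
    # The RewriteCond does not apply to it, because RewriteCond only affects
    # a RewriteRule that follows it.
    #   RewriteCond %{REQUEST_URI} !^/.well-known
    #   Redirect / https://www.domain.com/

    # After: the condition and the redirect are both mod_rewrite, so the
    # exclusion applies. The dot is escaped and the match is limited to the
    # challenge path, so nothing else under /.well-known stays on HTTP.
    # The 301 (permanent) status is an assumption; the post does not name one.
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^/?(.*)$ https://www.domain.com/$1 [R=301,L]
</VirtualHost>
```

After a reload, a port-80 request for a file under /.well-known/acme-challenge/ should return the file itself, and any other path should return a 301 to the HTTPS site.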