Re: Something I still don't qutite understand, Re: Let's Encrypt with Tomcat behind httpd

[Patrick Baldwin <pb...@myersinfosys.com>]

Dr it really does not work

On Thu, Nov 5, 2020, 12:07 PM James H. H. Lampert <ja...@touchtonecorp.com>
wrote:

> On 8/24/20 9:57 AM, Christopher Schultz wrote:
>
> > So your RewriteCond[ition] is expected to always be true? Okay. Maybe
> > remove it, then? BTW I think your rewrite will strip query strings and
> > stuff like that. Maybe you just want RedirectPermanent instead of
> > Rewrite(Cond|Rule)?
>
> Ladies and Gentlemen:
>
> This past Friday, the cached challenge result expired, and so this past
> Monday, I ran another certbot test.
>
> With the rewrite in place for our "subdomain of interest," the cert
> covering everything else served by the httpd server renewed without
> incident, but the separate cert covering this subdomain failed completely.
>
> I commented out the rewrite, and ran the test again, and both renewed
> without incident.
>
> I posted a redacted version of the complete VirtualHost blocks back on
> August 24th. And after I'd run my tests this week, I've also posted it
> to ServerFault, at
> https://serverfault.com/q/1041047/498231
>
> I'm intrigued by Mr. Schultz's suggestion of
>
> > Maybe you just want RedirectPermanent instead of
> > Rewrite(Cond|Rule)?
>
> Would that make a difference? Or is it just a matter of altering the
> RewriteCond clause to specifically ignore anything that looks like a
> Let's Encrypt challenge? Or is there something I can put on the default
> landing page for the subdomain, rather than in the VirtualHost, to cause
> the redirection?
>
> As I recall (unless there's a way to force-expire the cached challenge
> result on a certbot call), I have to wait until December to run another
> test.
>
> --
> JHHL
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>