Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Let's Encrypt problems |
|
| Author |
|
20160413
Joined: 13 Apr 2016
Posts: 28
|
 Posted: Tue 20 Sep '22 20:38 Post subject: Let's Encrypt problems |
 |
|
I have a domain on one server which should redirect all traffic (HTTP and HTTPS) to another server. To do so for HTTPS I need to create a cert.
This is my config working for the challenge on 80:
| Code: | <VirtualHost _default_:80>
ServerAdmin hello@my.tld
ServerName my.tld
DocumentRoot /var/www/html
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^\.well\-known
RewriteRule - [L]
</IfModule>
<IfModule mod_alias.c>
RedirectMatch "^/$" "https://www.my.tld"
</IfModule>
</VirtualHost> |
| Code: | <IfModule mod_ssl.c>
SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocache(128000)
<VirtualHost *:443>
ServerAdmin hello@my.tld
ServerName my.tld
RedirectPermanent / https://www.my.tld/
<IfModule mod_ssl.c>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/my.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my.tld/privkey.pem
</IfModule>
</VirtualHost>
</IfModule> |
In this setup I can generate the Let's Encrypt certs and most of the redirects work, but not all of them.
Works:
https://www.my.tld/faq
http://www.my.tld/faq
https://my.tld/faq
Fails:
http://my.tld/faq
To cut is short: What will I have to add to keep the cert challenge on the server (HTTP) but redirect everything else for HTTP to the other server.
If I replace
| Code: | <IfModule mod_alias.c>
RedirectMatch "^/$" "https://www.my.tld"
</IfModule> |
by
| Code: | | RedirectPermanent / https://www.my.tld/ |
all four redirects work however the challenge fails since it does not stay on the server but is also being redirected to the other server.
If I do something like
| Code: | | RewriteRule "^/(.+)" "https://www.my.tld/$1" [R,L] |
or
| Code: | | RedirectMatch "^/(.*)" "http://www.my.tld/$1" |
the redirecting works but the cert challenge fails since this is also being directed.
I am clueless on how to move forward here. Any help is very much appreciated. |
|
| Back to top |
|
sailor
Joined: 17 Apr 2015
Posts: 85
Location: US
|
| Posted: Fri 30 Sep '22 19:54 Post subject: Re: Let's Encrypt problems |
|
|
Maybe change
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^\.well\-known
RewriteRule - [L]
</IfModule>
<IfModule mod_alias.c>
RedirectMatch "^/$" "https://www.my.tld"
</IfModule>
to:
RewriteEngine on (this first section I have on all servers):
RewriteCond %{REQUEST_URI} ^/\.well\-known(.*) [OR]
RewriteCond %{REQUEST_URI} ^/md-status [OR]
RewriteCond %{REQUEST_URI} ^/server-status
Rewriterule - - [L]
RewriteRule ^(.*)$ https://my.tld/$ [L,R=301] |
|
| Back to top |
|
20160413
Joined: 13 Apr 2016
Posts: 28
|
| Posted: Mon 28 Nov '22 13:24 Post subject: Re: Re: Let's Encrypt problems |
|
|
Hello sailor,
please excuse my late reply. Reality made me ... until this issue resurfaced due to the certificate expiration. 
Anyhow, thanks a lot for your suggestion. It works!
In the end, I only needed to add this since the other two rewrite conditions did not apply to my setup.
| Code: |
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/\.well\-known(.*)
RewriteRule - - [L]
RewriteRule ^(.*)$ https://my.tld/$ [L,R=301]
|
Note that there was a little typo in your RewriteRule - - [L] statement.
Thanks again for your valuable suggestion which I very much appreciate.
All the best to you! |
|
| Back to top |
|
|
|
|
|
|
