Acme-Challenge not requestable by all sub-domains?

I have Apache 2.4 and the following site-config for acme challenges:
<IfModule mod_alias.c>
    Alias /.well-known/acme-challenge /var/www/letsencrypt/challenges/
    <Directory "/var/www/letsencrypt/challenges/">
        Options -Indexes
    </Directory>
</IfModule>
<IfModule mod_rewrite.c>
    # Redirect before other rewrite rules
    RewriteCond %{REQUEST_URI} /.well-known/acme-challenge/
    RewriteRule (.*) /.well-known/acme-challenge/$1 [L,QSA]
</IfModule>
The file is linked in sites-enabled as 000-acme-challenge.conf so it will have first priority over all others. It only seems to work for sub-/domains where PHP is running as FPM, not where e.g. GitWeb is running as CGI.
Strange, as e.g. my GitWeb (publicly accessible) is linked as 010-git.conf which should load it after 000 (right?).
Plus I get a rate-limit error 429 for some sites. Maybe I have to wait some time there. ;-)
All sub-/domains run as VirtualHost btw., including GitWeb.
apache-httpd apache-virtualhost letsencrypt
edited Oct 18 '17 at 11:08
Jeff Schaller
asked Oct 10 '17 at 19:25
Roland
1 Answer
I had permanent redirects from port 80 to 443 (with LetsEncrypt certs) which is generally a good idea when there is an HTTPS version around. These redirects caused the certificate not to be validated (of course).
With a bit of help from this Stack Overflow answer (by Cherry) I was able to have both redirect and came up with this:
<IfModule mod_alias.c>
    <VirtualHost f.haeder.net:80>
        ServerName f.haeder.net
        ServerAlias f.haeder.net
        # Redirect every request except ACME challenge requests to the HTTPS site
        RedirectMatch permanent ^(?!/.well-known/acme-challenge/).* https://f.haeder.net/
    </VirtualHost>
</IfModule>
This is what I'm using on my Friendica node and as you can test for yourself, it works perfectly. Just to share this little piece of config. :-)
answered Oct 12 '17 at 19:40
Roland