Score:0

Certbot cannot check challenge because of Apache "Redirect / domain.com"


So there is this server that is all messed up, but that is beside the point.

I ran certbot and it failed. Checked the vhost for port 80. It has the blanket redirect.

It does not seem like it would cause a problem, right? Well it does. I commented it out and certbot ran no problem.

So then I tried creating a new vhost just for certbot: "ServerName domain.com.well-known Directory /var/www/certbot", then running certbot specifying the new directory. No dice. It said it needs to be the root directory for the website.

I tried other things too and none of them worked. idk what to do. I do not even know if that redirect is necessary, but I cannot really mess with it. If that is the only way, then that is what we must do: use yearly certs and change them manually or something.

How are you running certbot? The certbot apache module should configure Apache automatically properly. All my :80 virtualhosts are just redirects, I have nothing special configured for certbot.
`ServerName domain.com.well-known` is nonsense. `.well-known` is a path inside the virtual server, not part of a virtual host name.
Meadowlark Marsh:
Solution was to remove the `Redirect / https.domain.com` and replace it with rewrite rules with a condition to not redirect anything under /.well-known.
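The fix described in that comment, written out as an added example (this is not the poster's actual configuration; the hostname example.com and DocumentRoot /var/www/example are placeholder values). The point is that mod_alias's `Redirect /` fires before mod_rewrite gets a look at the request, so it must be removed rather than merely supplemented:

```apache
# Added example, not the original poster's vhost.
# Placeholder values: example.com, /var/www/example.
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example

    # Before: this blanket redirect also sends the HTTP-01 validation
    # request for /.well-known/acme-challenge/<token> to HTTPS, so the
    # challenge file in the document root is never served from here and
    # certbot reports a failed challenge. Remove it entirely:
    # Redirect / https://example.com/

    # After: redirect everything to HTTPS except the ACME challenge path,
    # which is served as a plain file from DocumentRoot.
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

With the redirect excluded for that path, `certbot certonly --webroot -w /var/www/example -d example.com` can write the challenge file under the document root and have it fetched over plain HTTP; confirm with `apachectl configtest` and a `curl -I http://example.com/.well-known/acme-challenge/test` that returns 404 rather than 301 before rerunning certbot.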
Score:-1

Certbot won't issue a cert for a vhost binding port 80 only, as port 80 is literally the non-secure HTTP protocol.

You need to add a port 443 binding to your already existing vhost which is https, unless you use the Certbot Apache2 plugin by calling Certbot with the --apache option.

    <VirtualHost *:80>
        ServerName www.example.com
    </VirtualHost>

    <VirtualHost *:443>
        ServerName www.example.com
        # ... SSL configuration goes here
    </VirtualHost>

And I'm not sure I understand your point about redirection. But don't expect certbot to issue a cert for a redirection, as the certificate is associated to a hostname (url), and it will also traceroute the domain before issuing the cert.

But if you are talking about redirecting www.example.com to https://example.com, you could add this to your *:80 vhost.

    Redirect / https://www.example.com/

And forget about well-known things and pointing out your root webdir using certbot, as there's no need. As long as the hostname you want an ssl cert on has a vhost that also binds the *:443 parameters and is already an apache2-enabled site (a2ensite <your-site.conf / your-site.vhost>), Certbot will do the rest.

And actually I just realized, chances are Certbot will detect your Apache2 site even without binding port 443 and will take care of doing it for you; correct me if I'm wrong, as it's been a long time since I used it.

But as long as your hostname/domain/name/url, call it whatever you prefer, can be reached in a browser or returns an ip when you ping your url (from outside your local network), you shouldn't have to edit anything.

And don't forget to use the Certbot --apache option. This will make the task much easier. You need to install the package first (sudo apt install python3-certbot-apache) or something like that.

John Hanley:
Your answer is simply wrong in so many areas. Please delete it.