
List:       fedora-list
Subject:    Re: Certbot error
From:       Patrick O'Callaghan <pocallaghan () gmail ! com>
Date:       2023-04-22 21:23:19
Message-ID: 7014c7ebff385bc1bfc8d19f806e90e6b94bb016.camel () gmail ! com

On Sat, 2023-04-22 at 20:35 +0200, Peter Boy wrote:
> 
> 
> > On 22.04.2023 at 19:48, Patrick O'Callaghan
> > <pocallaghan@gmail.com> wrote:
> > 
> > On Sat, 2023-04-22 at 18:27 +0200, Peter Boy wrote:
> > > 
> > > 
> > > > On 22.04.2023 at 14:11, Patrick O'Callaghan
> > > > <pocallaghan@gmail.com> wrote:
> > > > 
> > > > I'm trying to set up a simple web server for personal use, using
> > > > Apache, and want to enable HTTPS access. This involves getting an
> > > > SSL certificate and I'll be using LetsEncrypt (www.letsencrypt.org).
> > > > 
> > > > The recommended way to do this is with Certbot, but I can't get
> > > > past this error:
> > > 
> > > 
> > > With apache you have the advantage that you don't need certbot at
> > > all, but apache does everything itself with the help of the md
> > > module. Configure as follows:
> > > 
> > > # Letsencrypt certificate management via Apache mod_md
> > > # By default, automatically all alternative names get included.
> > > MDomain MY_DOMAIN.TLD
> > > MDContactEmail  ME@MY_DOMAIN.TLD
> > > MDCertificateAgreement accepted
> > > <VirtualHost *:443>
> > >     ServerName      MY_DOMAIN.TLD
> > >     ServerAlias     www.MY_DOMAIN.TLD
> > >     ServerAlias     demo.MY_DOMAIN.TLD
> > >     …
> > >     … 
> > > </VirtualHost>
> > > 
> > > After adding the above configuration restart apache. Wait some
> > > minutes and restart again. You should now see the certificates
> > > in the logs.
> > > 
> > > Apache takes care of the 3-monthly renewal. You don’t need to do
> > > anything.
> > 
> > That's interesting, but seems to contradict what the LetsEncrypt
> > site seems to say (as far as I understand it). How does Apache set
> > up a certificate if it's only reachable via port 443, which requires
> > a certificate?
> 
> Apache developed mod_md which is, among other things, yet another
> implementation of the certbot protocol, but manages everything inside
> apache. The module knows it has to renew every 3 months and it
> manages the communication with Let's Encrypt on its own. I didn’t
> check, but - as it works - mod_md knows about the ports and chooses
> the appropriate one.
> 
> I should have sent the complete config, it says further down:
> 
> <VirtualHost *:80>
>         # Production Web Site  Fiction meets Science
>         ServerName      MY_DOMAIN.TLD
>         ServerAlias     www.MY_DOMAIN.TLD
>         RewriteEngine   On
>         RewriteRule     ^(.*)$          https://MY_DOMAIN.TLD$1 [R=301,L]
> </VirtualHost>

It's documented in https://httpd.apache.org/docs/2.4/mod/mod_md.html so
I may try it.

poc
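
Added example (not from the thread and not mod_md's own code): a small Python lint of the configuration quoted above that lists the names mod_md would put in the certificate and which ACME challenge types could succeed. The rules it applies are a simplified model and an assumption of this example: names are pulled in from every vhost that shares a name with the MDomain, http-01 needs a port 80 vhost, and tls-alpn-01 needs a port 443 vhost plus acme-tls/1 in Protocols. The function names parse and audit are hypothetical.

```python
import re

# Constructed sample: the thread's two vhost fragments joined (contact/agreement lines omitted).
SAMPLE_CONF = """\
MDomain MY_DOMAIN.TLD
<VirtualHost *:443>
    ServerName  MY_DOMAIN.TLD
    ServerAlias www.MY_DOMAIN.TLD demo.MY_DOMAIN.TLD
</VirtualHost>
<VirtualHost *:80>
    ServerName  MY_DOMAIN.TLD
    ServerAlias www.MY_DOMAIN.TLD
    RewriteRule ^(.*)$ https://MY_DOMAIN.TLD$1 [R=301,L]
</VirtualHost>
"""

def parse(conf):
    """Return (MDomain names, [(port, vhost names)], Protocols values)."""
    managed, vhosts, protocols, current = [], [], set(), None
    for line in (raw.strip() for raw in conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+\S*:(\d+)\s*>", line, re.I)
        if opened:
            current = (int(opened.group(1)), [])
            vhosts.append(current)
        elif line.lower().startswith("</virtualhost"):
            current = None
        else:
            key, *args = line.lower().split()
            if key == "mdomain":
                managed += [a for a in args if a not in ("auto", "manual")]
            elif key in ("servername", "serveralias") and current:
                current[1].extend(args)
            elif key == "protocols":
                protocols.update(args)
    return managed, vhosts, protocols

def audit(conf):
    """Certificate names and usable challenge types (simplified model, see lead-in)."""
    managed, vhosts, protocols = parse(conf)
    names = set(managed)
    for _port, vnames in vhosts:
        if set(managed) & set(vnames):  # vhost belongs to the managed domain
            names |= set(vnames)
    ports = {port for port, _ in vhosts}
    challenges = ["http-01"] if 80 in ports else []
    if 443 in ports and "acme-tls/1" in protocols:
        challenges.append("tls-alpn-01")
    return sorted(names), challenges
```

Under this model, a 443-only configuration without acme-tls/1 yields an empty challenge list, which is the case the question in the thread describes.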