[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-list
Subject:    Re: Certbot error
From:       Patrick O'Callaghan <pocallaghan () gmail ! com>
Date:       2023-04-22 21:30:26
Message-ID: f22c903754b5c0b9c3534d5596fa187dc33ce8a8.camel () gmail ! com
[Download RAW message or body]

On Sun, 2023-04-23 at 06:47 +0930, Tim via users wrote:
> On Sat, 2023-04-22 at 18:45 +0100, Patrick O'Callaghan wrote:
> > My understanding is that it needs port 80 for the initial token
> > negotiation to get the certificate to set up HTTPS. Requiring port
> > 443
> > would be a circular dependency.
> 

> [...]

> And, testing that:  If I disable all port 80 connections, I can
> connect
> to my webserver using HTTPS over port 443.
> 
> Their error message seems to indicate that *it* wants a connection
> response from the webserver on port 80 with your site's domain name
> in
> the response headers (to prove you own the site).  This seems to be a
> bizarre requirement.  Possibly the cert checker needs programming
> better, rather than Apache needing something done to it.
> 

That's entirely possible of course.

> Nor should you really have to have a virtual host.  You could be a
> webserver that you own totally and it only serves your website.  It
> seems some oddball demands from the cert checker.
> 

I do agree with that. I think it's a specific limitation of Certbot
itself, which (from discussions on the LetsEncrypt site) actually
messes with your Apache config while it's doing its testing. Other
implementations of the ACME protocol don't seem to require this, but
I'm just guessing.

poc
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[prev in list] [next in list] [prev in thread] [next in thread]