[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-list
Subject:    Re: Certbot error
From:       Chris Adams <linux () cmadams ! net>
Date:       2023-04-23 14:33:13
Message-ID: 20230423143313.GA2899 () cmadams ! net
[Download RAW message or body]

Once upon a time, Patrick O'Callaghan <pocallaghan@gmail.com> said:
> BTW 'certbot certonly ..." also failed. I'm 99% sure this is a problem
> with my Apache installation.

I think others have mentioned it, but I would highly suggest using
--webroot rather than --apache.  You have control of the Apache config
that way and can get it right (once) and be done with it, just pointing
certbot to your chosen and configured directory.

The validation step does use port 80, due to pre-SNI shared hosting
servers sometimes serving site A's content on port 443 for site B's URL
(allowing site A to impersonate site B for ACME purposes).  Especially
if you aren't otherwise using port 80, you can just configure an Apache
virtual host on port 80 and point it to an otherwise-unused directory,
to use with --webroot.

I do most of my Let's Encrypt cert validation with DNS these days (to
allow for wildcard certs and/or hosts on private networks), so that's
about it for ideas from me. :)

-- 
Chris Adams <linux@cmadams.net>
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[prev in list] [next in list] [prev in thread] [next in thread]