On 28/03/17 18:07, Ian wrote:
Dominic Cleal said:
I used the Apache plugin to automatically reconfigure my vhosts, which
worked pretty much correctly. This generated new HTTPS versions of the
vhosts and added a redirect to the HTTP version.
This is what I wanted to do. However, it complains about an error
parsing a different site's .conf file.
(It would be easier to show what went wrong with the various attempts,
but someone thought it was a good idea to overwrite the log file each
time you run certbot, rather than append to it.)
Using the webroot mode is also easy, as it works with any web server
that serves files from the given webroot directory. You can then make
the HTTPS modifications to your web server's config after the
certificate's been retrieved.
Hmm, when I tried that, it 302s. From the Apache log file:
66.133.109.36 - - [28/Mar/2017:13:45:39 +0000] "GET /.well-known/acme-challenge/rMJgBWEhAQy8AYJAm9earOoIoKotuz4OISUc1yrlpbM HTTP/1.1" 302 274 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" 0
.. although I can create and read /.well-known/index.html
But because it deletes the acme-challenge and random name
subdirectories, there's no easy way to tell what's going on!
What's made it work is deleting the other site's .conf file. It wasn't
actually being used, but Apache had no problems with it.
I work on the Augeas project, which is the underlying parser for the
Apache config files, so I've been fixing a few of the problems that
LE/CB's been hitting on real world files ever since its release. There
are five known issues[1] still, but I think 0.9.3 did contain all of the
published fixes so far.
If you have the original file still, then I'd be interested in obtaining
a copy to ensure we're tracking or are fixing the bug.
I don't see a new version of vhosts - do you have your sites in a single
file, or in separate files in /etc/apache2/sites-available? - but it's
not difficult to do.
They're in separate files in sites-available, so I now have:
-rw-r--r-- 1 root root 2022 Aug 29 2016 /etc/apache2/sites-available/m0dlx.com
-rw-r--r-- 1 root root 2211 Aug 29 2016 /etc/apache2/sites-available/m0dlx.com-le-ssl.conf
The le-ssl.conf is identical to the regular file, except with an
IfModule wrapper and SSL* directives at the bottom for the key/cert.
[1] https://github.com/hercules-team/augeas/issues?utf8=%E2%9C%93&q=is%3A…
--
Dominic Cleal
dominic(a)computerkb.co.uk
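
Added example, not part of the original thread and not certbot's own code: because the challenge files are deleted after each run, the access log is the evidence that remains, so this Python sketch pulls the ACME challenge requests out of Apache log lines and classifies the response status. The function names, verdict labels and the second and third sample lines are assumptions constructed for illustration; the first sample line is the one quoted above.

```python
import re

# Apache common/combined log prefix: client, ident, user, [time], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

# First line is the one quoted in the message; the other two are constructed
# samples (documentation IP range, placeholder token).
SAMPLE_LOG = """\
66.133.109.36 - - [28/Mar/2017:13:45:39 +0000] "GET /.well-known/acme-challenge/rMJgBWEhAQy8AYJAm9earOoIoKotuz4OISUc1yrlpbM HTTP/1.1" 302 274 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" 0
192.0.2.10 - - [28/Mar/2017:13:50:02 +0000] "GET /.well-known/index.html HTTP/1.1" 200 12 "-" "curl/7.52.1" 0
192.0.2.10 - - [28/Mar/2017:13:52:17 +0000] "GET /.well-known/acme-challenge/EXAMPLE-TOKEN HTTP/1.1" 200 87 "-" "curl/7.52.1" 0
"""


def classify(status):
    """Map an HTTP status to a coarse verdict for a challenge request."""
    if status == 200:
        return "served"
    if 300 <= status < 400:
        return "redirected"      # the server answered with a redirect instead of the file
    if status in (403, 404):
        return "not-reachable"   # wrong webroot, or access denied on the path
    return "other"


def challenge_hits(lines):
    """Return one dict per ACME HTTP-01 challenge request in the log lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or not m["path"].startswith(CHALLENGE_PREFIX):
            continue   # unparsable line, or a request outside the challenge directory
        status = int(m["status"])
        token = m["path"][len(CHALLENGE_PREFIX):].split("?", 1)[0]
        hits.append({"time": m["time"], "client": m["client"], "token": token,
                     "status": status, "verdict": classify(status)})
    return hits


if __name__ == "__main__":
    for hit in challenge_hits(SAMPLE_LOG.splitlines()):
        print(hit["time"], hit["status"], hit["verdict"], hit["token"])
```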