httpd-users mailing list archives

From David Mehler <>
Subject [users@httpd] issue with apache and virtual hosts and acme-client letsencrypt certificates
Date Mon, 02 Oct 2017 03:05:04 GMT

I'm running a FreeBSD system that I'm running apache on and using that
to validate and put in to place letsencrypt certificates for several

I thought I had auto-updating working, turns out I didn't, but also
I've got a configuration problem with apache that is preventing
certificate validation.

If I use:

acme-client -v -C /usr/local/www/.well-known/acme-challenge -mbnN

/usr/local/www/.well-known/acme-challenge is where challenges are
stored, the validation works only if I have this line commented out:

Redirect /

If the above is uncommented validation fails. My goal is an all-ssl
site except for the acme validations, so if a user types in
or they get redirected to https. But if a request comes
in with the domain host/.well-known/acme-challenge redirection to the
http site occurs for certificate validation.

Here's a virtual host config:

<VirtualHost *:80>
    DocumentRoot "/usr/vhosts/"

    ErrorDocument 404 /errordocs/error404.htm
    # share well-known for renewal via Let's Encrypt!
    Alias /.well-known/acme-challenge /usr/local/www/.well-known/acme-challenge

    # Anything that isn't going to gets forwarded to the https site
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/.well-known
Redirect /

    ErrorLog "/usr/vhosts/"

# for acme challenges
<Directory "/usr/local/www/.well-known/acme-challenge">
   Options None
   AllowOverride None
   Require all granted
   Header add Content-Type text/plain
</Directory>
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot "/usr/vhosts/"

SSLEngine on
SSLCertificateFile "/usr/local/etc/ssl/acme/"
SSLCertificateKeyFile "/usr/local/etc/ssl/acme/private/"
SSLCertificateChainFile "/usr/local/etc/ssl/acme/"

    <Directory "/usr/vhosts/">
Options FollowSymLinks
AllowOverRide None
Require all granted
    </Directory>
    <IfModule mod_log_config.c>
        CustomLog "|/usr/local/sbin/rotatelogs -l /usr/vhosts/ 86400" combined
    </IfModule>

# Disc cache setup
    CacheQuickHandler off
    CacheLock on
    CacheLockPath /tmp/mod_cache-lock
    CacheLockMaxAge 5
    CacheIgnoreHeaders Set-Cookie
    <Location />
        CacheEnable disk
        CacheHeader on
        CacheDefaultExpire 600
        CacheMaxExpire 86400
        CacheLastModifiedFactor 0.5
        ExpiresActive on
        ExpiresDefault "access plus 5 minutes"
        Header merge Cache-Control public
        FileETag All
    </Location>
</VirtualHost>

Suggestions welcome.
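
An added example, not part of the original message: `Redirect` is a mod_alias directive and is not governed by a preceding `RewriteCond`, which only applies to the next `RewriteRule`, so one way to get the behaviour described above is to issue the redirect from mod_rewrite itself. The hostname www.example.com is a placeholder; the challenge directory is the one given in the message.

```apache
<VirtualHost *:80>
    # Placeholder hostname (assumption); substitute the real site name.
    ServerName www.example.com

    # Serve ACME HTTP-01 challenge files over plain HTTP from the shared directory.
    Alias /.well-known/acme-challenge /usr/local/www/.well-known/acme-challenge

    <Directory "/usr/local/www/.well-known/acme-challenge">
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # Redirect everything except the challenge path to HTTPS.
    # The condition and the redirect are both handled by mod_rewrite,
    # so the exclusion actually takes effect.
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    # A fixed target hostname avoids reflecting the client-supplied Host header.
    RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

With no `Redirect /` line left in the port 80 virtual host, requests under the challenge path fall through to the `Alias`, and every other request receives a 301 to the HTTPS site.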

