OK, I have put this
<location "/.well-known/acme-challenge/">
Redirect / https://metricrat.co.uk/
</location>
and reloaded apache
No go.
still same redirection:
curl -Iki http://ai2.metricrat.co.uk/.well-known/acme-challenge/test-file
HTTP/1.1 301 Moved Permanently
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 11 May 2020 13:50:12 GMT
Location: https://ai2.metricrat.co.uk/.well-known/acme-challenge/test-file
I don't know what I've missed but I can't seem to find it.
Maybe a new set of eyes is needed - sorry - I tried.
I would open a new topic and have someone else give this a go.
You can mention this topic in that one.
Well we can't have missed much, tried just about everything!!
Very grateful for your effort and input, Rudy, I learnt a lot about debugging apache...
There must be another angle to this. I recall it was swine to get the sub domain setup in the first place with the DNS, but it did all fall into place, more by luck than judgement.
Is there a way of perhaps getting a new certificate, see if that works...
We can try one last test - not to fix anything - just to check our sanity (or that of Apache).
Try:
<VirtualHost *:80>
ServerAdmin webmaster@ai2.metricrat.co.uk
ServerName ai2.metricrat.co.uk
DocumentRoot /var/www/ai2.metricrat.co.uk/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<location "/.well-known/acme-challenge/">
return 200 "you reached the challenge section"
</location>
<location "/">
return 200 "This site has moved to HTTPS"
</location>
</VirtualHost>
We "should" see one of those two messages - there is no other choice.
If we still see the previous redirection, then that redirection is happening somewhere else.
We'd have to start all over again and troubleshoot the failure... check the LE logs.
I was trying to avoid that and this "looked" simpler... at the time.
Apache won't reload with that in the .conf file...
I can't seem to find the apache equivalent of the nginx:
return 200 "text"
There is NO return directive in Apache ...
Found a very tedious rewrite that would require making two new files with the text contents.
Not worth the effort.
Last go:
<VirtualHost *:80>
ServerAdmin webmaster@ai2.metricrat.co.uk
ServerName ai2.metricrat.co.uk
DocumentRoot /var/www/ai2.metricrat.co.uk/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
redirect 303 /.well-known/acme-challenge/ https://metricrat.co.uk/
redirect 303 / https://ai2.metricrat.co.uk/
</VirtualHost>
Using 303 to make it obvious.
Set that. Any change ?
None.
And I just noticed the "server" responding isn't Apache:
curl -Iki http://ai2.metricrat.co.uk/.well-known/acme-challenge/test-file
HTTP/1.1 301 Moved Permanently
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 11 May 2020 14:46:29 GMT
Location: https://ai2.metricrat.co.uk/.well-known/acme-challenge/test-file
Content-Length: 0
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
What is "ESF" ? ? ?
Hindsight = 20/20
It was there the whole time!
I don't know, I believe it might be a google thing...
Are you even on the right server?
What shows?:
wget config.me
curl ifconfig.me
[lack of sleep]
That returns the IP of my server.
Is the redirection of the google site overriding anything apache is doing ?
I don't know enough to answer that question.
I don't even know what "SPF" stands for in the context of "server type".
An SPF record is a Sender Policy Framework record. It's used to indicate to mail exchanges which hosts are authorized to send mail for a domain. It's defined in RFC 4408, and clarified by RFC 7208.
Rip
Don't you mean ESF ?
From what I can see, any call to https://ai2.metricrat.co.uk will get a response from the google site, and not the server. From what you say, we need to be able to get a call from http://ai2.metricrat.co.uk in order to help certbot validate the site? This http address is not setup on the server or on the virtual host. Is there anything I can add or change to make this so, or have I got this wrong ?
I was able to set up the https certificate in the first place, and it is clearly working now; my site ai2.metricrat.co.uk is using an https secure address. I do not understand why certbot cannot validate when everything appears to already be in place?
If we cannot solve it on the community, what recourse do I have to "letsencrypt" to get this resolved ?
That's NOT the SPF we are talking about.
My eyes! my eyes!
Yes, not SPF, ESF.
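The check that finally exposed the problem in this thread, reading the Server and Location headers of the `curl -I` probe before touching the vhost again, written out as an added example that is not part of any post above. The function names, the finding labels, the expected `Apache` prefix and the second sample response are assumptions made for illustration.

```python
from urllib.parse import urlsplit

EXPECTED_SERVER = "Apache"  # assumption: the origin's Server header starts with this
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

# Subset of the response headers posted in the thread.
THREAD_RESPONSE = """\
HTTP/1.1 301 Moved Permanently
Location: https://ai2.metricrat.co.uk/.well-known/acme-challenge/test-file
Content-Length: 0
Server: ESF
"""

# Constructed sample: Apache itself answering for a test file that does not exist.
CONSTRUCTED_ORIGIN_RESPONSE = """\
HTTP/1.1 404 Not Found
Server: Apache/2.4.29 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1
"""

def parse_response(raw):
    """Split a raw `curl -I` header block into (status_code, {header: value})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def diagnose_probe(raw, expected_server=EXPECTED_SERVER):
    """Return a list of findings about who answered and where the probe was sent."""
    status, headers = parse_response(raw)
    findings = []
    if not headers.get("server", "").lower().startswith(expected_server.lower()):
        findings.append("unexpected-server")  # something in front of the origin replied
    if 300 <= status < 400:
        target = urlsplit(headers.get("location", ""))
        if target.scheme == "https":
            findings.append("redirect-to-https")
        if not target.path.startswith(CHALLENGE_PREFIX):
            findings.append("redirect-leaves-challenge-path")
    return findings

if __name__ == "__main__":
    print(diagnose_probe(THREAD_RESPONSE))
    print(diagnose_probe(CONSTRUCTED_ORIGIN_RESPONSE))
```

An `unexpected-server` finding means the reply did not come from the Apache vhost being edited, so changes to that vhost cannot alter the response.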