You can only --dry-run
using certonly
, not run
.
I tried suggesting this syntax for the certificate handbook. Brad didn't like it very much.
Renewals will run into the same problem yes.
The best solution would be to find a permanent valid configuration where /var/lib/letsencrypt/http_challenges
is excluded from that global deny.
Where do you see --dry-run
there?
Isn't it completely mental that you can't use --dry-run
with run
? I don't see a --dry-certonly
or --dry-renew
anywhere...
Ok,
Have reverted my /etc/httpd/conf/httpd.conf change for the / directory that was there to secure the server and now have this which works fine;
<Directory /var/lib/letsencrypt/http_challenges>
Options None
Order allow,deny
Allow from all
</Directory>
<Directory />
Options None
Order deny,allow
Deny from all
</Directory>
Hoping it may help someone else in future as well.
Glad you got it working.
Please remember to include both www and non-www in your certificate or you'll run into other trouble.
Yep - I intend to run the command above as you suggested.
That will use the apache installer. If it causes issues, just use certbot rollback
to undo the changes to apache.
By the by, to be clear, _az knows worlds more here than I do. On rare occasion I'll catch him on something (that he probably coded in the first place).
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.