I installed Let's Encrypt through Certbot, with the option 'https only' (redirect http). Works like a charm.
All is https.
But... I shouldn't have selected 'https only' (redirect http). Because I need plain http to still be available as well, as it turns out.
How can I make so that Let's Encrypt will allow plain http as well?
I need the site to be available through https (with Let's Encrypt) and through regular http.
There is an option called --no-redirect, but for some reason it only works when generating a NEW VirtualHost. I just tested it and it does not remove an already existing redirect.
Possible solutions:
Use the Certbot rollback subcommand to undo the installing of the Certificate, then re-do the installing of the certificate but without the --redirect option
Manually remove the three RewriteEngine directives (RewriteEngine, RewriteCond and RewriteRule) added to the HTTP VirtualHost.
Please specify one or more enhancement types to configure. To list the available enhancement types, run:
certbot --help enhance
No enhancements requested, exiting.
I think the only use for --no-redirect is to change the behaviour of defaulting to do enable redirecting with the install and run subcommands.
Is your Icecast server behind an Apache or nginx reverse proxy? Because those two webservers are the only ones that Certbot would be able to enable redirecting for.
Thanks for the tip, but it does not like enhance --no-redirect.
Redirect is available, according to --help, but not no-redirect.
#certbot enhance --no-redirect
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please specify one or more enhancement types to configure. To list the available enhancement types, run:
certbot --help enhance
No enhancements requested, exiting.
I thought, yes! Of course I can do that! I know that...
But because it being an Icecast server, and not a "regular" webserver, I cannot find it, so I cannot edit it.
And a search query only finds so much before eventually timing out...
Certbot cannot add a HTTP to HTTPS redirect on IceCast servers, so I have absolutely no clue on where that redirect might have came from.
Even better: Certbot can't even install the certificate on an IceCast server at all! So please could you explain to use a little bit better what the actual setup is? Just Icecast? Or also a nginx or Apache webserver?
It can. It did. With certbot certonly, I just now remembered while checking the history.
During running certbot I do remember having to tell it where the folder with html/php files for the outside world is located, I think.
And then I got the question (not verbatim) "Would you like to:"
The installation was months ago, and only now I realised I need to remove the forced redirect. I'm browsing through history, but that's a bit of a mess, as I was experimenting on how to get it to work, so not all commands in there would have actually done something.
At this point I'm not even sure if I ran sudo certbot certonly --webroot or sudo certbot certonly --standalone (which I both found in history).
So that doesn't really make it any clearer
But at one point it did give me the question:
Would you like to:
redirect all
do not redirect all
Where I chose 1, and now wish I didn't.
I do really appreciate everyone's help here though! Many thanks!