How to authenticate a hostname that has an Apache redirect directive?


#1

I had been using the --standalone mode with certbot to try renewals nightly for a handful of domains. But it would take a few minutes to authenticate them all, which meant my sites were down for the duration every night. Not really desirable.

Trying to get the --webroot mode to work, which should put an auth token in the .well-known subfolder of each specified webroot so it can be served up by Apache. The difficulty I am running into is that I have some hostnames that are configured to do redirects in Apache.
Ultimately, I still need a valid cert for these hostnames so that folks can browse to https://www.domain.tld and securely receive the instruction to head elsewhere.

Right now my only proposed solution is to use --pre-hook and --post-hook to run a script to disable all redirects in Apache’s configs and then put them back after certbot is done. But I am wondering if there is some more official solution within the sphere of LetsEncrypt. I am not having much luck with Googling because most phrases I search return results merely regarding redirecting http:// to https://.


#2

Hi @Chirubhai

Do you have redirects

http://onedomain -> https://otherdomain

So something like

http://onedomain/.well-known/acme-challenge/long-token

is redirected to

https://otherdomain/.well-known/acme-challenge/long-token

If yes, there are two different solutions to use the webroot parameter.

(i) Add a global redirect

/.well-known/acme-challenge/token

to one directory

/specialfolder/.well-known/acme-challenge/token

so you can use this one /specialfolder as webroot of all of your domains.

Or (ii):

Add something like

RewriteRule ^.well-known/acme-challenge/ - [L,NC]

at the top of these domains to redirect. So this folder isn’t redirected.

PS: Moved to “Help”
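
An added example, not part of the original posts: a redirect-only virtual host that still answers the HTTP-01 challenge locally, combining a shared challenge directory as in (i), here mapped with `Alias`, with the rewrite exemption from (ii). The hostnames, the target `otherdomain.tld` and the path `/var/www/acme` are assumptions. In virtual-host context the rewrite pattern starts with a leading slash, unlike the `.htaccess` form quoted above.

```apache
# Constructed example. www.domain.tld exists only to send visitors elsewhere.
# /var/www/acme is a hypothetical webroot shared by every redirecting host.

<VirtualHost *:80>
    ServerName www.domain.tld

    # Map the challenge path of this host onto the shared webroot.
    Alias /.well-known/acme-challenge/ /var/www/acme/.well-known/acme-challenge/
    <Directory "/var/www/acme/.well-known/acme-challenge/">
        # Static token files only: no indexes, no CGI, no .htaccess overrides.
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    RewriteEngine On

    # Exemption: leave challenge requests untouched and stop rewriting,
    # so the Alias above serves the token file from disk.
    RewriteRule ^/\.well-known/acme-challenge/ - [L]

    # Everything else keeps the original behaviour: redirect to the other site.
    RewriteRule ^ https://otherdomain.tld%{REQUEST_URI} [R=301,L]
</VirtualHost>

# Variant for hosts that redirect with mod_alias instead of mod_rewrite.
# A plain "Redirect / https://otherdomain.tld/" would also catch the challenge
# path, so the negative lookahead excludes it from the match.
<VirtualHost *:80>
    ServerName domain.tld

    Alias /.well-known/acme-challenge/ /var/www/acme/.well-known/acme-challenge/
    <Directory "/var/www/acme/.well-known/acme-challenge/">
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    RedirectMatch 301 ^/(?!\.well-known/acme-challenge/)(.*)$ https://otherdomain.tld/$1
</VirtualHost>
```

With this in place, `certbot certonly --webroot -w /var/www/acme -d www.domain.tld -d domain.tld` writes each token where Apache serves it, so nothing has to be stopped or unconfigured during renewal. Run `apachectl configtest` before reloading.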


#3

Thanks @JuergenAuer
Because of you my issue has been solved, thanks a lot.


#4