Jenkins on Letsencrypt? What is my webroot?

    $ sudo cat /etc/apache2/sites-available/000-default.conf
    [sudo] password for kus:
    <VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #DocumentRoot /var/www/html
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080
        ProxyRequests Off
            Order deny,allow
            Allow from all

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:trace8

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

If I do sudo certbot --authenticator webroot --installer apache I get to the question about the web root.

Now in, I see that my webroot is /var/cache/jenkins/war	/usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080

I am on debian stretch 9.3 with apache weekly jenkins updates (am open to switching to other things if needed). It is a $5 box on digital ocean.

The request should never make it to Jenkins, you should intercept it when it arrives at Apache and handle it there.

One way to do this could be to change:

    #DocumentRoot /var/www/html
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080
    ProxyRequests Off

to:

    DocumentRoot /var/www/html
    ProxyPass "/.well-known/acme-challenge" "!"
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080
    ProxyRequests Off 

and then /.well-known/acme-challenge should be served from /var/www/html/.well-known/acme-challenge/, so for Certbot you would use --authenticator webroot -w /var/www/html.

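A check for the change described in the answer above, added here as an example and not part of the original reply: it confirms that the challenge path is excluded from the proxy, that the exclusion comes before the catch-all ProxyPass / (Apache evaluates ProxyPass rules in configuration order and the first match wins), and that a DocumentRoot is active. The function names and the sample vhost files are constructed for illustration.

```shell
#!/bin/sh
# check_acme_exclusion FILE: succeed only if the vhost serves the ACME
# challenge path from disk instead of proxying it to the backend.
# (Hypothetical helper, not part of certbot or Apache.)
check_acme_exclusion() {
    awk '
        /^[ \t]*#/ { next }                 # ignore commented-out directives
        { gsub(/"/, "") }                   # arguments may be quoted
        tolower($1) == "documentroot" { docroot = $2 }
        tolower($1) == "proxypass" {
            n++
            if ($2 ~ /^\/\.well-known\/acme-challenge\/?$/ && $3 == "!") {
                if (!excl) excl = n
            } else if ($2 == "/" && !catchall) catchall = n
        }
        END {
            if (!excl) { print "FAIL: challenge path is not excluded from the proxy"; exit 1 }
            if (catchall && catchall < excl) { print "FAIL: exclusion is listed after ProxyPass /"; exit 1 }
            if (docroot == "") { print "FAIL: no active DocumentRoot"; exit 1 }
            print "OK: use certbot --authenticator webroot -w " docroot
        }
    ' "$1"
}

# Constructed sample vhosts: the two blocks from the answer, plus a
# misordered variant where the catch-all rule comes first.
write_samples() {
    printf '%s\n' '#DocumentRoot /var/www/html' \
        'ProxyPass / http://localhost:8080/' \
        'ProxyPassReverse / http://localhost:8080' > "$1/before.conf"
    printf '%s\n' 'DocumentRoot /var/www/html' \
        'ProxyPass "/.well-known/acme-challenge" "!"' \
        'ProxyPass / http://localhost:8080/' \
        'ProxyPassReverse / http://localhost:8080' > "$1/after.conf"
    printf '%s\n' 'DocumentRoot /var/www/html' \
        'ProxyPass / http://localhost:8080/' \
        'ProxyPass "/.well-known/acme-challenge" "!"' > "$1/misordered.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in before after misordered; do
    printf '%s: ' "$f"
    check_acme_exclusion "$demo_dir/$f.conf" || true
done
```

This is a text-level check of a single vhost file; it does not follow Include directives or evaluate ProxyPassMatch and Location blocks.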

Thank you very much, _az! I would also like to thank @ccppuu for guiding me to the forum.

