Letsencrypt unable to set up enhancement redirect, how to fix it?


#1

debian 8.2 jessie - apache2 (2.4),

I run:
./letsencrypt-auto --apache

I was promped to choose “easy: keep both http https” or “safe use only https”, I choosed the second one because I want only https

then at the end I got this:

Unable to add title

IMPORTANT NOTES:
 - We were unable to set up enhancement redirect for your server,
   however, we successfully installed your certificate.
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/www.example.com/fullchain.pem. Your cert
   will expire on 2016-03-29. To obtain a new version of the
   certificate in the future, simply run Let's Encrypt again.

I wonder what went wrong…

Now what should I do? Should I have to add a redirect in:
/etc/apache2/sites-available/default-ssl.conf?

I would like to know how letsencrypt would have done that configuration if the installation was successful


For now I just used:

Redirect "/" "https://www.example.com/"

from docs https://httpd.apache.org/docs/2.4/rewrite/avoid.html


#2

As far as I know, it generates a relative simple <VirtualHost> for port 80 with only a redirect in it.

Your option with Rewrite is probably better. The Let’s Encrypt client uses mod_rewrite. I have no clue why. This is what I’ve got in one of my test hosts: RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

Perhaps they’ve chosen for mod_rewrite in the case the user already has other RewriteRules in their configuration or something, but from that RewriteRule alone, I can’t see any added value compared to Redirect. The Redirect directive also forwards the query string in the Location HTTP header, so QSA in the RewriteRule above isn’t of any added value. Neither is END when used in one single RewriteRule and R=permanent can be set in the Redirect directive too.