Manual certificate renew failed

Thank you, I have made all the changes and tested it, looks good.

To renew the certificate, simply create a crontab with 'certbot renew' and I'm done, right?


Yes, if you don't already have one, which you might. Check with these steps:

https://eff-certbot.readthedocs.io/en/stable/using.html#automated-renewals

Did you change the VirtualHost for port 80 too like I showed? And reloaded Apache? Because I still see the acme challenge URIs getting redirected. The redirection works to satisfy the challenge; I am just surprised.


Alright, thank you, I will do that.

Yes, I did that, but I just discovered that there's also a .save file in that folder. Where does that come from? Could that be why you're wondering? Because in the .save file, the original remains without your changes. I edited the .conf file.

root@DERWaescheladen:/etc/apache2/sites-enabled# ls
ssl-derwaescheladen.at.conf  ssl-derwaescheladen.at.conf.save

If you did not make that copy maybe your editor did? Best not to have backup copies in the sites-enabled folder in general. But, whether they get used depends on the include statement in your base httpd conf. If that is just /sites-enabled/* then it would see them but if it has /sites-enabled/*.conf then it would not. I think you have the latter otherwise we would have seen duplicates in your DUMP_VHOSTS output. Unless they were made later?

Re-running this would prove it one way or the other. What does this show?

sudo apache2ctl -t -D DUMP_VHOSTS

VirtualHost configuration:
*:80                   www.xn--derwscheladen-efb.at (/etc/apache2/sites-enabled/ssl-derwaescheladen.at.conf:2)
*:443                  www.xn--derwscheladen-efb.at (/etc/apache2/sites-enabled/ssl-derwaescheladen.at.conf:10)

Can/Should I delete the .save file?


It is not being used by Apache. Still, if you want to keep it I would move it to some other folder.

I am not sure about the redirection issue but you were redirecting challenges to HTTPS before and so that is still happening and working. I may have time to think about that further later today.

Could you show that port 80 VirtualHost just so I can make sure there were no typos?

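The point made above about the include statement (a backup copy in sites-enabled is only read when the pattern is `sites-enabled/*`, not `sites-enabled/*.conf`) can be checked with a short script. This is an added example, not part of any post in the thread; it assumes the Debian layout with apache2.conf at the server root, and the function names and sample file names are made up for illustration.

```shell
# Assumes Debian layout: ROOT/apache2.conf, include paths relative to ROOT,
# no spaces in file names. All function names here are hypothetical.

# Print every file matched by Include/IncludeOptional lines naming sites-enabled.
list_included() {
    root=$1
    grep -Ei '^[[:space:]]*Include(Optional)?[[:space:]]+[^#]*sites-enabled' \
        "$root/apache2.conf" | awk '{print $2}' |
    while read -r pattern; do
        case $pattern in /*) ;; *) pattern="$root/$pattern" ;; esac
        # A bare directory means "every file in it" (subdirectories not followed here).
        if [ -d "$pattern" ]; then pattern="${pattern%/}/*"; fi
        for f in $pattern; do      # unquoted on purpose so the glob expands
            if [ -f "$f" ]; then printf '%s\n' "$f"; fi
        done
    done
}

# Label each file in sites-enabled as loaded or ignored under that pattern.
audit_sites_enabled() {
    root=$1
    loaded=$(list_included "$root")
    for f in "$root"/sites-enabled/*; do
        [ -f "$f" ] || continue
        if printf '%s\n' "$loaded" | grep -Fxq "$f"; then
            echo "loaded  ${f##*/}"
        else
            echo "ignored ${f##*/}"
        fi
    done
}

# Constructed sample tree: one vhost file plus an editor backup copy.
make_sample() {   # $1 = include pattern written into apache2.conf
    dir=$(mktemp -d)
    mkdir "$dir/sites-enabled"
    printf 'IncludeOptional %s\n' "$1" > "$dir/apache2.conf"
    : > "$dir/sites-enabled/ssl-example.conf"
    : > "$dir/sites-enabled/ssl-example.conf.save"
    echo "$dir"
}

if [ "${1:-}" = "--demo" ]; then
    for p in 'sites-enabled/*.conf' 'sites-enabled/*'; do
        d=$(make_sample "$p"); echo "pattern: $p"
        audit_sites_enabled "$d"; rm -rf "$d"
    done
fi
```

On a real host, `audit_sites_enabled /etc/apache2` gives the same loaded/ignored listing for the live configuration; `apache2ctl -t -D DUMP_VHOSTS` remains the authoritative view of what Apache parsed.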

Okay, I will move it somewhere.

Take your time.

Certainly, I've even copied it instead of writing it down.

<VirtualHost _default_:80>
    ServerName www.xn--derwscheladen-efb.at
    DocumentRoot /var/www/derwaescheladen.at
    <If "%{REQUEST_URI} !~ m#/\.well-known/acme-challenge/#">
        Redirect permanent / https://www.xn--derwscheladen-efb.at/
    </If>
</VirtualHost>

That seems to be doing what is expected:

curl -Ii www.xn--derwscheladen-efb.at
HTTP/1.1 301 Moved Permanently
Date: Fri, 15 Sep 2023 16:09:41 GMT
Server: Apache/2.4.57 (Debian)
Location: https://www.xn--derwscheladen-efb.at/
Content-Type: text/html; charset=iso-8859-1

curl -Ii www.xn--derwscheladen-efb.at/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 404 Not Found
Date: Fri, 15 Sep 2023 16:10:00 GMT
Server: Apache/2.4.57 (Debian)
Content-Type: text/html; charset=iso-8859-1

Good. It wasn't before but glad it is now. One less item on my to-do list 🙂
