My server redirects port 80 to 443, and certbot bails when using --manual


#1

Hello.
I’m trying to issue a cert for a server which has a config for port 80 that redirects all to port 443.
Even though I have the challenge file in place and ready, Certbot says it can’t connect to “http://…”. It appears that the initial redirect throws certbot off and it exits.
I can access the challenge file from the full URL, so I know it’s not a problem of GETTING to the challenge file.
I can’t add a port 80-only server, and can’t remove the redirect.
I also don’t want to install certbot on this particular server as it forces an install of lots of system packages I don’t want on this server.
So what should I do to get the cert issued?
Deb8 running Apache 2.4.17


#2

Let’s Encrypt follows redirects (HTTP 301 and 302) when performing HTTP-01 challenges, both to other domains and from http:// to https://. The problem is probably somewhere else.

Can you run the client with -vvvvv and provide the full output and log files from /var/log/letsencrypt?


#3

Sure. Thanks.
pastebin.com/GgAywDZC


#4

The redirect leads to a non-existing domain (check the value of the Location header in the output below). I guess there’s a missing / somewhere in your RewriteRule.

$ curl -i http://secure.wwiionline.com/.well-known/acme-challenge/Ysn-yMOlMjHiZoiRPDbCZNiQERQcYkrOuKfA4p18Vqw
HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Jun 2016 16:45:18 GMT
Server: Apache/2.4.17 (Debian)
Location: https://secure.wwiionline.com.well-known/acme-challenge/Ysn-yMOlMjHiZoiRPDbCZNiQERQcYkrOuKfA4p18Vqw
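
The check done by eye in post #4, written as a script (an added example, not part of the original thread and not certbot code): it compares the Location header with the requested challenge URL and flags a host and path joined without a "/". The function names are hypothetical; the sample request and response are the ones quoted in post #4. A host change is reported even though Let's Encrypt follows redirects to other domains, so judge that finding against what you intended.

```python
from urllib.parse import urlsplit

# Request URL and response headers quoted in post #4 above.
REQUEST_URL = ("http://secure.wwiionline.com/.well-known/acme-challenge/"
               "Ysn-yMOlMjHiZoiRPDbCZNiQERQcYkrOuKfA4p18Vqw")
RESPONSE = """HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Jun 2016 16:45:18 GMT
Server: Apache/2.4.17 (Debian)
Location: https://secure.wwiionline.com.well-known/acme-challenge/Ysn-yMOlMjHiZoiRPDbCZNiQERQcYkrOuKfA4p18Vqw
"""

def location_header(raw_headers):
    """Return the Location value from `curl -i` header text, or None."""
    for line in raw_headers.splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                               # blank line ends the headers
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            return value.strip()
    return None

def check_redirect(request_url, raw_headers):
    """List the ways a redirect fails to preserve the challenge URL."""
    location = location_header(raw_headers)
    if location is None:
        return ["no Location header in response"]
    req, dst = urlsplit(request_url), urlsplit(location)
    problems = []
    if dst.scheme not in ("http", "https"):
        problems.append(f"unexpected scheme {dst.scheme!r}")
    if dst.hostname != req.hostname:
        problems.append(f"host changed: {req.hostname} -> {dst.hostname}")
    if dst.path != req.path:
        problems.append(f"path changed: {req.path} -> {dst.path}")
    # Signature of the bug in this thread: host and path joined without "/".
    if (dst.hostname or "") + dst.path == (req.hostname or "") + req.path[1:]:
        problems.append("missing '/' between host and path in redirect target")
    return problems

if __name__ == "__main__":
    for problem in check_redirect(REQUEST_URL, RESPONSE):
        print("PROBLEM:", problem)
```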

#5

Excellent. Thanks for your help. That was the issue and once fixed, the challenge worked.

