This post regards apache 2.4 under ubuntu 16.04. And I think there is a bug in the apache2 configuration files as modified by the certbot installation process. (I’ll explain precisely what I did below.)
What I ended up with is the following contents in my sites-enabled/leftout.conf:
<VirtualHost *:80>
ServerAdmin sleator@cs.cmu.edu
ServerName leftout.info
ServerAlias *.leftout.info
DocumentRoot /var/www/leftout
# the above cannot use the full path to the afs directory, because
# it gets hung up on an .htaccess file at /afs/cs.cmu.edu
# so instead this sym-link is set in /var/www --DS
<Directory />
Options FollowSymLinks
AllowOverride FileInfo
</Directory>
<Directory /var/www/leftout>
Options Indexes FollowSymLinks MultiViews
AllowOverride FileInfo
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
AddHandler markdown .mark
Action markdown /cgi-bin/leftout-markdown-wrapper.pl
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =leftout.info [OR]
RewriteCond %{SERVER_NAME} =*.leftout.info
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
The only thing the certbot installation process did to this file was to add the four lines about the rewrite rules. With this configuration running I get these results:
$ curl -I leftout.info
HTTP/1.1 301 Moved Permanently
Date: Mon, 30 Jul 2018 11:52:42 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: https://leftout.info/
Content-Type: text/html; charset=iso-8859-1
$ curl -I www.leftout.info
HTTP/1.1 200 OK
Date: Mon, 30 Jul 2018 11:52:26 GMT
Server: Apache/2.4.18 (Ubuntu)
Vary: Accept-Encoding
Content-Type: text/html
Which is not what I want. I want http://www.leftout.info to be redirected to https://www.leftout.info
I fixed this by replacing the “*” in the RewriteCond with “www”. As in:
RewriteEngine on
RewriteCond %{SERVER_NAME} =leftout.info [OR]
RewriteCond %{SERVER_NAME} =www.leftout.info
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Now I get this result, which is what I wanted:
$ curl -I www.leftout.info
HTTP/1.1 301 Moved Permanently
Date: Mon, 30 Jul 2018 11:53:35 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: https://www.leftout.info/
Content-Type: text/html; charset=iso-8859-1
My installation was done with these commands (from certbot.eff.org)
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache
Then later:
$ certbot certonly --cert-name leftout.info -d leftout.info,www.leftout.info,rangevoting.org,www.rangevoting.org
Anyway, I resolved this issue, but I thought I’d alert others of it. Thanks.