Sorry, both solutions did not work for me under 10.11.3 El Capitan and Server 5.0.15.
The double proxy is such a non-intuitive solution just to get that idiotic “apple default server”. Linux is easier than this crappy ****
That idea to use a dotted directory seems to be really a no-go for OSX and letsencrypt. The goal to do easy encryption is totally foiled under OSX server. I need about 3 minutes to get a certificate the “classical way” via CSR.
I didn’t manage to get that dotted directory to get served in 90 minutes just to verify that it is “my server”. Everything else works - python, pip, virtualenv - no errors, like a charm.
So it is 30 times easier to get a cert via the “old” way with CSRs. This is “Letsforgetencryption” for OSX server and a nerdy thing again, not easy, not better than classical ways.
No - I could not get it to work like the 3 minute certs - so it is more than 30 times harder to use.
Okay - I understand I have to break the interception of dotted directory names by Calendar service for other services with a new proxy to serve it to the public - namely LE, which must use that **** dotted path. Without a dot it is not my server. For sure.
Tried that solution of cyrilpic. Stopped proxy, restarted webservice. Cleared browser caches. No difference.
When trying to access .well-known directly I am redirected to a CalDAV-Service. Going deeper to /acme-challenge/ or (file) I get “not found”.
Tried that not so well described solution of DDJarod. Did not work because /Library/Server/Web/Config/Proxy/apache_serviceproxy.conf would not load /Library/Server/Web/Config/Proxy/apache_serviceproxy_customsites_letsencrypt.conf.
The server was not reachable at all, not by me and of course not by LE.
Reverted and got it running again, but with no access to dotted directories.
Gave up. 90 minutes just to get around a dot is much money I can spend on a commercial cert.
This is really a little stupid idea, that little dot. A non-dotted directory would be accessible with no problems. Google uses files on the root directory for a similar task. Works. Because they do not use DOTS.
Don’t know who had that bad idea, which excludes OSX servers for no feasible reason. One dot less, and there would be fewer problems for OSX.