Re: [users@httpd] Let's Encrypt (LE) and port 80

2020-06-17 Thread Stefan Eissing
There is a module called "mod_md" which gets and renews certificates from LE. It's part of 2.4.43. https://httpd.apache.org/docs/2.4/mod/mod_md.html https://github.com/icing/mod_md You do not need to have port 80 open to use it. It also works with port 443 alone. Cheers, Stefan > Am

[users@httpd] Apache and systemd

2020-06-17 Thread Tom Browder
If I build a new server using --enable-systemd how does that affect using apachectl? Can I still use apachectl for interactive start/stop while systemd takes care of reboots? Thanks. Best regards, -Tom

[users@httpd] Let's Encrypt (LE) and port 80

2020-06-17 Thread Tom Browder
Before LE came along, I tightened my single server down to redirect http to https. With LE I've been using the cert generation method where I stop Apache, create the required certs with a Raku program, and restart Apache. Now with my new Apache 2.4.43 I'm ready to automate the process. Is there

Re: [users@httpd] Let's Encrypt (LE) and port 80

2020-06-17 Thread Tom Browder
On Wed, Jun 17, 2020 at 09:55 dmallor wrote: You can just set up a global redirect on your 80 listener but exclude LE > root path > ... > Thanks, Danny. I've never used rewrites before, but that looks like a good idea. But which of the two solutions would you prefer? What is the downside of

Re: [users@httpd] Let's Encrypt (LE) and port 80

2020-06-17 Thread dmallor
I have never used that module and always preferred to keep 80 open purely for redirects (and LE) Danny Original message From: Tom Browder Date: 6/17/20 11:20 AM (GMT-06:00) To: users@httpd.apache.org Subject: Re: [users@httpd] Let's Encrypt (LE) and port 80 On Wed, Jun 17,

Re: [users@httpd] Let's Encrypt (LE) and port 80

2020-06-17 Thread @lbutlr
On 17 Jun 2020, at 07:05, Tom Browder wrote: > > Now with my new Apache 2.4.43 I'm ready to automate the process. Is there any > way to allow port 80 access but only from an LE server? In addition to the other replies, you can use the DNS-01 method for establishing and rewriting a cert. That

Re: [users@httpd] Let's Encrypt (LE) and port 80

2020-06-17 Thread Tom Browder
On Wed, Jun 17, 2020 at 08:11 Stefan Eissing wrote: > There is a module called "mod_md" which gets and renews certificates from > LE. It's part of 2.4.43. > ... > You do not need to have port 80 open to use it. It also works with port > 443 alone. > Stefan, thanks. I've read a bit about mod_md

RE: [users@httpd] Let's Encrypt (LE) and port 80

2020-06-17 Thread dmallor
You can just set up a global redirect on your 80 listener but exclude LE root path

    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]

Danny Original message From: Tom Browder

Re: [users@httpd] Let's Encrypt (LE) and port 80

2020-06-17 Thread Tom Browder
On Wed, Jun 17, 2020 at 11:47 @lbutlr wrote: > On 17 Jun 2020, at 07:05, Tom Browder wrote: ... > Most of the automation scripts for LE pretty much walk you through > setting this up. ... > Not making a suggestion, as this is harder to set up, but it is something > to think about. Thanks

Re: [users@httpd] Apache and systemd

2020-06-17 Thread Richard
> Date: Wednesday, June 17, 2020 06:48:27 -0500 > From: Tom Browder > > If I build a new server using --enable-systemd how does that affect > using apachectl? > > Can I still use apachectl for interactive start/stop while systemd > takes care of reboots? > You would use "systemctl" to

Re: [users@httpd] Apache and systemd

2020-06-17 Thread Tom Browder
On Wed, Jun 17, 2020 at 15:46 Richard wrote: ... > > If I build a new server using --enable-systemd how does that affect > > using apachectl? ... > You would use "systemctl" to start/stop/reload/... the server, e.g., > >systemctl start httpd.service Thanks, Richard. Hm, that doesn't

Re: [users@httpd] Let's Encrypt (LE) and port 80

2020-06-17 Thread Tom Browder
On Wed, Jun 17, 2020 at 11:50 dmallor wrote: > I have never used that module and always preferred to keep 80 open purely > for redirects (and LE) > ... Thanks, Danny. -Tom

Re: [users@httpd] Let's Encrypt (LE) and port 80

2020-06-17 Thread @lbutlr
On 17 Jun 2020, at 16:37, Tom Browder wrote: > Thanks for the info--but all I'm only running a dozen or so hosts on a single > server Same. > and trying to minimize maintenance. Zero maintenance. Set it up once and forget it. It is all automated. -- 'They're the cream!' Rincewind sighed.

Re: [users@httpd] Let's Encrypt (LE) and port 80

2020-06-17 Thread Tom Browder
On Wed, Jun 17, 2020 at 18:11 @lbutlr wrote: > On 17 Jun 2020, at 16:37, Tom Browder wrote: > > Thanks for the info--but all I'm only running a dozen or so hosts on a > single ... > Zero maintenance. Set it up once and forget it. It is all automated. I wish I could use it (DNS-01) too, but