On Tue, Jul 28, 2020 at 12:15:03PM -0400, Bill Cole wrote: > On 28 Jul 2020, at 10:19, Henrik K wrote: > > >Certbot runs just like before. I ditched the useless haproxy which > >handled > >port 80 redirect before, now everything is in Apache. Dunno if Darxus is > >alive, sent mail.. seems the script should be more suited to be run on > >sa-vm anyway than some external server. > > As noted in my later message: The script runs just fine from my own machine, > so it's something more subtle than not following the redirect. It uses > LWP::Simple->get() which apparently handles the redirect.
Thinking about it, it's probably SSL config. I used intermediate setup from https://ssl-config.mozilla.org/ which might not be compatible with darxuses (old?) client. Switched config to old compatible, which is fine as ruleqa isn't a sensitive service. > As for running on an external server, that has the advantage of providing an > entirely unprivileged view of updates, e.g. just like any normal user. It makes zero difference where a query is made, ruleqa.cgi returns exactly the same response.
