Something just worked, that I wasn't expecting to work. Or rather, I was
expecting it to work, but kill cert renewal.
The port 80 virtual host had
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
which I commented out, because https for that virtual host is a pure
front-end for Tomcat, and of course, Certbot needs to stick something on
the server that Let's Encrypt is expecting to be able to find.
So a few minutes ago, just for test purposes, I uncommented the above
lines. Initially, it didn't work (it redirected the browser from
http://foo.bar.com to a nonexistent https://www.foo.bar.com), but when I
removed the "www" in the RewriteRule, changing the block to
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
it worked just fine.
So then, I did a "certbot renew --force-renewal" (expecting it to fail
on the relevant cert, but in fact, it renewed just fine.
Not to look a gift equine in the masticatory orifice, but what am I
missing here? What went right, when I was expecting it to go wrong? Why
didn't the "rewrite" lines break renewal?
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org