-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 James,
On 8/21/20 13:14, James H. H. Lampert wrote: > On 8/21/20 9:30 AM, Christopher Schultz wrote: > >> Why would you think that redirecting from http -> https would >> block renewal? > > Because, at least if I correctly understand what I set up, > > (1) every http request is unconditionally redirected to https: > > RewriteEngine on RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule > ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] This is not unconditional. That's what "RewriteCond" does: it sets up a condition :) If Let's Encrypt requests http://www.yoursite.com/ then it won't be redirected. > (2) every https request is unconditionally passed to Tomcat. > > ProxyPass "/" "http://127.0.0.1:8080/" ProxyPassReverse "/" > "http://127.0.0.1:8080/" ProxyRequests Off > > and (3) Let's Encrypt rechecks domain control when it renews, and > therefore Certbot needs to put something where the Let's Encrypt > server can find it. > > Are any of these assumptions wrong? What domains are you asking LE to certify? - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9BLSAACgkQHPApP6U8 pFjFIQ//cO9QGyqvHZzmWm1m28CCCZ4bjG/LpLH8QbflQHrum39wV1b5l+idWdST QlnBV9ZWmFlHFqLw/NyHXUW6o3GHZRv0ObKJ+qVBZlSQ2dS1IZ4DQkQBuq7qq2ZK PNg2Z8Gu9TkaGAbn7G6VqOht+AQ5BdnjSkQLKlA/9goJIx/vt7oqZusXk9eAHL06 hoKr44+LzhgdkoLI4fAFNBeHx9tSnOluovT75/cHRTMcOoyIOAOXn0sjeQTiJZw/ i/yBjp3SkSZCvmzWj0rpOfmrvb3Fe+s/yXtvNWdsWptVUuDEeFcGKq+syVPuRB0I K37q/FFEKmeQyOsqqKdwHv0kiWOASoFRqt+Or5Rvqo22MhV2abhkJ2P2u23BkLOy nTA6deeHZOXzSptjzVrgzAXpNO88dL0WFarMONLs/hffCIGVSRbVgzUS3vawS5z1 Ar+DM26Hna2ZB7VjjgpXMivsXAPUJWxxZhMJt0tniq6T1YHHJJdpIUh6QYsGR6Tg Oo6aSNK7tPPDdgmCEkuqB1S3qEmhNvD4AKVlkZ/L9PVqGOUDEMNn5DRGduobNz+B eTiYIImIovIQhRy2cRmNmgSotOlwxkJMFX+eat9eJT/0NTKG0tlwajBculzEIPH3 3CConKkHXAuzTj1KZbVMYon2fAfuN6VbOkEdl4bEWNBm2NFnfAk= =R0qT -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org