On 8/21/20 1:02 PM, logo wrote:
> From my experience I have excluded .well-known from the redirect.

That appears to be the correct answer. I probably didn't see that line back in August, or I probably would have replied by asking something like, "Ok, and how do I do that?"

Be that as it may, Andrew Schulman came up with an answer on my ServerFault thread (https://serverfault.com/a/1041882/498231) to the effect of changing the rewrite block from:

RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

to:

RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]

While I'm not going to be certain until December, when the cached challenge expires, it certainly seems to work: if I go to http://sub.domain.com, it immediately redirects me to https://sub.domain.com, and I get the Tomcat server, whereas if I try to go to http://sub.domain.com/.well-known/acme-challenge/foo, it remains http, and gives me the expected "Not Found" error.

--
JHHL
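
An added example, not part of the original message or the ServerFault answer: a small Python model of the two rule sets quoted above, evaluated on constructed requests to show which ones each rule set redirects and where. It models only the directives shown (the RewriteRule pattern ^(.*)$ matches every path), and the names OLD_RULES, NEW_RULES and evaluate are assumptions of this sketch.

```python
import re

# Each condition is (server variable, RewriteCond pattern, regex flags).
# A leading "!" negates the match, as in mod_rewrite; re.I stands in for [NC].
OLD_RULES = {
    "conds": [("HTTP_HOST", r"!^www\.", re.I)],
    "target": "https://www.{HTTP_HOST}{REQUEST_URI}",
}
NEW_RULES = {
    "conds": [
        ("HTTP_HOST", r"!^www\.", re.I),
        ("REQUEST_URI", r"!^/\.well-known/acme-challenge/", 0),
    ],
    "target": "https://{HTTP_HOST}{REQUEST_URI}",
}


def evaluate(rules, host, uri):
    """Return the redirect Location, or None if the request stays on plain HTTP."""
    env = {"HTTP_HOST": host, "REQUEST_URI": uri}
    for var, pattern, flags in rules["conds"]:
        negate = pattern.startswith("!")
        regex = pattern[1:] if negate else pattern
        matched = re.search(regex, env[var], flags) is not None
        if matched == negate:  # condition not satisfied, so the RewriteRule is skipped
            return None
    return rules["target"].format(**env)


# Constructed sample requests (host, path); none come from real logs.
SAMPLES = [
    ("sub.domain.com", "/"),
    ("sub.domain.com", "/.well-known/acme-challenge/foo"),
    ("sub.domain.com", "/.well-known/acme-challenge"),  # no trailing slash
    ("sub.domain.com", "/.Well-Known/acme-challenge/foo"),  # URI condition has no [NC]
    ("www.domain.com", "/"),
]

if __name__ == "__main__":
    for host, uri in SAMPLES:
        print(f"http://{host}{uri}")
        print(f"  old rules -> {evaluate(OLD_RULES, host, uri)}")
        print(f"  new rules -> {evaluate(NEW_RULES, host, uri)}")
```

In this model only paths under /.well-known/acme-challenge/ (exact case, with the trailing slash) are left on HTTP by the new rules; everything else on a non-www host is sent to HTTPS on the same host.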
