Lets Encrypt Apache Renew Fails When Using ProxyPass

Written by James McDonald

IT Tips

0 Comments(s)

July 17, 2017

These Apache Proxy rules will send all traffic to the backend host

ProxyPass / http://10.80.19.5/
ProxyPassReverse / http://10.80.19.5/

Which causes letencrypt to fail when trying to renew the SSL Cert on the Proxy Host because the request for http://yoursslcerthost.example.com/.well-known/  gets incorrectly passed to the backend host

So to make it work you need to tell mod_proxy to ignore that path as follows. Then you certbot-auto renew –no-self-upgrade command will complete successfully

ProxyPass /.well-known/ !
ProxyPass / http://10.80.19.5/
ProxyPassReverse / http://10.80.19.5/

The error you will see when running certbot-auto manually may look like


IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: yoursslcerthost.example.com
Type: unauthorized
Detail: Invalid response from
http://yoursslcerthost.example.com/.well-known/acme-challenge/U2LE5nLJAjd8qivBEJ-MdFdLDMRI2sihEARSPik24O3:

 

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…

Network speed test host to host

Apr 19, 2024

On Ubuntu / Debian apt-get install iperf3 On Windows download it from https://iperf.fr/iperf-download.php#windows Make...