Let's Encrypt Apache Renew Fails When Using ProxyPass

Written by James McDonald

July 17, 2017

These Apache proxy rules will send all traffic to the backend host:

ProxyPass / http://10.80.19.5/
ProxyPassReverse / http://10.80.19.5/

This causes Let's Encrypt to fail when renewing the SSL certificate on the proxy host, because the validation request for http://yoursslcerthost.example.com/.well-known/ gets passed to the backend host instead of being answered by the proxy host itself.

So to make it work you need to tell mod_proxy to ignore that path, as follows. Your certbot-auto renew --no-self-upgrade command will then complete successfully:

ProxyPass /.well-known/ !
ProxyPass / http://10.80.19.5/
ProxyPassReverse / http://10.80.19.5/
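Because mod_proxy applies the first ProxyPass rule that matches, the exclusion only helps if it appears before the catch-all ProxyPass /. The following shell function is an added example (not from the original post) that reads a vhost config on stdin and reports whether a /.well-known/ exclusion is present ahead of the catch-all; the sample configs it checks are constructed for the demo.

```shell
#!/bin/sh
# check_acme_exclusion: read an Apache vhost config on stdin and return 0 when
# a "ProxyPass /.well-known/... !" exclusion appears before the first
# "ProxyPass /" catch-all, 1 otherwise. Comments are ignored; only plain
# (unquoted) ProxyPass lines are recognised.
check_acme_exclusion() {
    awk '
        /^[[:space:]]*#/ { next }
        # first exclusion whose path starts with /.well-known/
        $1 == "ProxyPass" && index($2, "/.well-known/") == 1 && $3 == "!" && !excl { excl = NR }
        # first catch-all rule that forwards everything to the backend
        $1 == "ProxyPass" && $2 == "/" && !catchall { catchall = NR }
        END {
            if (excl && (!catchall || excl < catchall)) exit 0
            exit 1
        }
    '
}

# Constructed sample configs (not real vhost files) for a quick self-check.
BROKEN='ProxyPass / http://10.80.19.5/
ProxyPassReverse / http://10.80.19.5/'

FIXED='ProxyPass /.well-known/ !
ProxyPass / http://10.80.19.5/
ProxyPassReverse / http://10.80.19.5/'

for cfg in "$BROKEN" "$FIXED"; do
    if printf '%s\n' "$cfg" | check_acme_exclusion; then
        echo "OK: /.well-known/ is excluded before the catch-all ProxyPass"
    else
        echo "PROBLEM: ACME challenge requests would be proxied to the backend"
    fi
done
```

To check a real vhost, redirect its file into the function, e.g. check_acme_exclusion < /etc/apache2/sites-enabled/PLACEHOLDER.conf (path is a placeholder).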

The error you will see when running certbot-auto manually may look like:

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: yoursslcerthost.example.com
Type: unauthorized
Detail: Invalid response from
http://yoursslcerthost.example.com/.well-known/acme-challenge/U2LE5nLJAjd8qivBEJ-MdFdLDMRI2sihEARSPik24O3:

