Lets Encrypt Apache Renew Fails When Using ProxyPass

Written by James McDonald

IT Tips

0 Comments(s)

July 17, 2017

These Apache Proxy rules will send all traffic to the backend host

ProxyPass / http://10.80.19.5/
ProxyPassReverse / http://10.80.19.5/

Which causes letencrypt to fail when trying to renew the SSL Cert on the Proxy Host because the request for http://yoursslcerthost.example.com/.well-known/  gets incorrectly passed to the backend host

So to make it work you need to tell mod_proxy to ignore that path as follows. Then you certbot-auto renew –no-self-upgrade command will complete successfully

ProxyPass /.well-known/ !
ProxyPass / http://10.80.19.5/
ProxyPassReverse / http://10.80.19.5/

The error you will see when running certbot-auto manually may look like


IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: yoursslcerthost.example.com
Type: unauthorized
Detail: Invalid response from
http://yoursslcerthost.example.com/.well-known/acme-challenge/U2LE5nLJAjd8qivBEJ-MdFdLDMRI2sihEARSPik24O3:

 

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…

Clear HSTS Settings in CHrome

Apr 15, 2024

Open chrome://net-internals/#hsts enter the domain in the query field and click Query to confirm it has HSTS settings...

Ubuntu on Hyper-v

Apr 13, 2024

It boils town to installing linux-azure # as root or sudo apt-get update apt-get install linux-azure...