Date: Thu, 18 Jan 2018 23:52:42 +0100
From: Peter Boosten <peter@boosten.org>
To: David Mehler <dave.mehler@gmail.com>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: acme-client and multiple domains periodic renewal
Message-ID: <E4D62E34-A9DD-4242-AB0B-575BB199782D@boosten.org>
In-Reply-To: <CAPORhP5pgd%2BRL8v6SZ8YxQ9=qZ0F242y_OQ_LRxmHJpVcGyweA@mail.gmail.com>
References: <CAPORhP4HzZedjTKq0bcUUTT%2BxUSPeEcR=h7-OfdjO84JRBChTg@mail.gmail.com> <21941967-64AB-4585-8F16-1323CF080E54@boosten.org> <CAPORhP5pgd%2BRL8v6SZ8YxQ9=qZ0F242y_OQ_LRxmHJpVcGyweA@mail.gmail.com>

Hi David,
I’ve defined the acme alias for every virtual host:

<VirtualHost something>
    Alias /.well-known/acme-challenge "/usr/local/www/acme/"
    SSLCertificateFile …
    SSLEngine on
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTPS} !=on
        # REQUEST_URI already starts with "/", so no extra slash after the host
        RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
    </IfModule>
    <Directory "/usr/local/www/acme/">
        Options None
        AllowOverride None
        ForceType text/plain
        Require all granted
    </Directory>
</VirtualHost>

The main difference between your and my configuration is the Alias. It took me a while to get this right.
/usr/local/etc/acme/acme-client.sh holds this:
BASEDIR="/usr/local/etc/acme"
SSLDIR="/usr/local/etc/ssl/acme"
DOMAINSFILE="${BASEDIR}/domains.txt"
CHALLENGEDIR="/usr/local/www/acme"
and
domains.txt:
domain.one www.domain.one sub.domain.one sub2.domain.one
I did some troubleshooting by running the acme-client (in /usr/local/bin) manually (don’t forget the -s, or else you will be blocked for some time).
Peter
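
A pre-flight check for the setup described in the message above, as an added example that is not part of the original e-mail or of the acme-client port: it drops a probe file in the challenge directory and confirms that every name in domains.txt serves it back under /.well-known/acme-challenge/. The function names are hypothetical, the paths are the ones quoted in the message, and domains.txt is assumed to hold whitespace-separated host names.

```shell
#!/bin/sh
# Added example, not the port's own script. Paths default to the values
# quoted in the message and can be overridden from the environment.
CHALLENGEDIR="${CHALLENGEDIR:-/usr/local/www/acme}"
DOMAINSFILE="${DOMAINSFILE:-/usr/local/etc/acme/domains.txt}"

# Print every host name in FILE, one per line (assumed whitespace-separated).
list_domains() {
    awk '{ for (i = 1; i <= NF; i++) print $i }' "$1"
}

# URL an ACME server requests for an http-01 challenge token.
challenge_url() {
    printf 'http://%s/.well-known/acme-challenge/%s\n' "$1" "$2"
}

# Fetch URL to stdout with fetch(1) from the FreeBSD base system, else curl.
http_get() {
    if command -v fetch >/dev/null 2>&1; then
        fetch -qo - "$1"
    else
        curl -fsSL "$1"
    fi
}

# Write a probe file and check that each host returns it unchanged.
# Exit status is the number of hosts that failed.
check_all() {
    token="probe-$$"
    body="acme-preflight-$$"
    failed=0
    printf '%s' "$body" > "${CHALLENGEDIR}/${token}" || return 1
    for host in $(list_domains "$DOMAINSFILE"); do
        got=$(http_get "$(challenge_url "$host" "$token")" 2>/dev/null) || got=""
        if [ "$got" = "$body" ]; then
            echo "ok    $host"
        else
            echo "FAIL  $host"   # Alias missing or wrong in this virtual host
            failed=$((failed + 1))
        fi
    done
    rm -f "${CHALLENGEDIR}/${token}"
    return "$failed"
}

# Only touch the network when asked to: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    check_all
fi
```

A FAIL line names a virtual host whose Alias does not map to the shared challenge directory, which is the difference the message points to.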
