Just to recap, the goal was to serve a little personal website using my freedombox instead of the desktop system where it has lived until recently, and to have it play nicely with freedombox. I copied over my vhost configuration and LetsEncrypt files, taking care not to clobber. I enabled the personal site (using a2ensite) and got TLS certificate errors because, as it turns out, I must have made some mistake, as a result of which the "snakeoil" cert you get by default was being used instead of the LetsEncrypt one I intended.

I read Sunil's advice, fiddled around... finally disabled the personal site and deleted its .conf, thinking it best to start over from the top with that bit of it, but left my additions to /etc/letsencrypt intact. I also commented out RedirectMatch "^/$" "/plinth" in /etc/apache2/conf-available/freedombox-tls-site-macro.conf. Then I copied my old vhost config from the desktop onto the freedombox's /etc/apache2/sites-available once again, enabled it, reloaded apache config, and... the personal page loads correctly, and /plinth loads correctly. No more certificate errors!

But! But when I try https://lin-chi.dyndns.org/plinth/sys/config/, we blow up with a 500 error:

    Mar 06 15:54:04 freedombox /usr/bin/plinth[19880]: Internal Server Error: /plinth/sys/config/
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/django/core/handlers/exception.py", line 41, in inner
        response = get_response(request)
      File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 187, in _get_response
        response = self.process_exception_by_middleware(e, request)
      File "/usr/lib/python3/dist-packages/django/core/handlers/base.py", line 185, in _get_response
        response = wrapped_callback(request, *callback_args, **callback_kwargs)
      File "/usr/lib/python3/dist-packages/plinth/modules/config/views.py", line 40, in index
        status = get_status()
      File "/usr/lib/python3/dist-packages/plinth/modules/config/views.py", line 66, in get_status
        'defaultapp': config.get_default_app(),
      File "/usr/lib/python3/dist-packages/plinth/modules/config/__init__.py", line 69, in get_default_app
        return app_path.strip('"').strip('/')
    UnboundLocalError: local variable 'app_path' referenced before assignment

FWIW, this is the configuration for the vhost that I enabled:

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName lin-chi.dyndns.org
        ServerAdmin webmaster@localhost
        #RedirectMatch "^/$" "/index.html" # nope
        DocumentRoot /var/www/html
        # when we do this, we get the mismatched certificate error again (CN=freedombox)
        #DocumentRoot /opt/www/lin-chi/public
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLCertificateFile /etc/letsencrypt/live/lin-chi.dyndns.org/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/lin-chi.dyndns.org/privkey.pem
        #Include /etc/letsencrypt/options-ssl-apache.conf
        <Directory /opt/www/lin-chi/public >
            Options +FollowSymLinks -MultiViews
            #AllowOverride All
            Require all granted
        </Directory>
    </VirtualHost>
    </IfModule>

Not sure if it bears mentioning that I saved this as lin-chi.tls.conf and a2ensite-enabled it without touching or disabling either default-ssl.conf or default-tsl.conf.

Anyway -- the present situation is that I can either disable RedirectMatch "^/$" "/plinth" (in freedombox.conf) and break /plinth/sys/config/, or I can enable RedirectMatch "^/$" "/plinth" but not be able to reach the personal site unless I request index.html. I am wondering about trying to work around with mod_rewrite, but I'm hoping there's a better solution.

Any further suggestions? Thanks.

---
David Mintz
https://davidmintz.org
Capitalism has failed. https://wsws.org

On Mon, Mar 4, 2019, at 2:09 PM, Sunil Mohan Adapa wrote:
> On 04/03/19 9:27 am, David Mintz wrote:
> [...]
> >
> > SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
> > * ALPN, server accepted to use http/1.1
> > * Server certificate:
> > * subject: CN=freedombox
> > * start date: Dec 21 18:54:29 2018 GMT
> > * expire date: Dec 18 18:54:29 2028 GMT
> > * issuer: CN=freedombox
> > * SSL certificate verify result: self signed certificate (18), continuing
> > anyway.
> >> HEAD / HTTP/1.1
> >> Host: lin-chi.dyndns.org
> >> User-Agent: curl/7.58.0
> >> Accept: */*
> >
> > And I think this is weird because the vhost config really does point to
> > a certificate that was in fact issued by LetsEncrypt, and which was
> > working perfectly up until I moved it all from its former machine to the
> > freedombox.
> >
> > I thought of trying to get a new certificate but to my surprise, on the
> > freedombox certbot said it could not configure my web server -- and I could
> > not figure out the cert-only method.
>
> The certificate is actually the self-signed certificate that is used
> when specific domain configuration does not exist. This is not the
> certificate of the already configured subdomain.
>
> This can only mean that configuration for the new domain was not
> created/activated properly (spelling mistakes, placed in incorrect
> directory etc.). Check that it was actually enabled properly. Apache's
> debug logging should help understand the problem.
>
> [...]
>
_______________________________________________
Freedombox-discuss mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss
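
An added example, not part of the original thread: a small Python check over the kind of `curl -v` output quoted above, flagging the two signs that the default self-signed certificate answered instead of the vhost's (subject equals issuer, and the certificate name does not match the requested Host). The function names are hypothetical, the sample input is re-typed from the quoted lines, and only the subject CN is compared because that is all the quoted output shows.

```python
import re

# Constructed sample: the curl -v lines quoted in the thread, re-typed here.
CURL_VERBOSE = """\
* Server certificate:
*  subject: CN=freedombox
*  issuer: CN=freedombox
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
> HEAD / HTTP/1.1
> Host: lin-chi.dyndns.org
"""

PATTERNS = {
    "subject": r"^\*\s+subject:\s*(.+)$",
    "issuer": r"^\*\s+issuer:\s*(.+)$",
    "host": r"^>\s*Host:\s*(\S+)",
}

def parse_curl_tls(text):
    """Pull the certificate subject/issuer and the requested Host out of curl -v output."""
    found = {}
    for key, pattern in PATTERNS.items():
        m = re.search(pattern, text, re.MULTILINE | re.IGNORECASE)
        found[key] = m.group(1).strip() if m else None
    return found

def common_name(dn):
    """Return the CN component of a distinguished name string, or None."""
    m = re.search(r"CN\s*=\s*([^,;/]+)", dn or "")
    return m.group(1).strip() if m else None

def name_matches(cn, host):
    """Compare a certificate CN (optionally a one-label wildcard) with the requested host."""
    cn, host = cn.lower(), host.lower().split(":")[0]
    if cn.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return cn == host

def diagnose(text):
    """List the signs that a fallback certificate, not the vhost's, answered the request."""
    f = parse_curl_tls(text)
    findings = []
    if f["subject"] and f["subject"] == f["issuer"]:
        findings.append("self-signed")
    cn = common_name(f["subject"])
    # Heuristic: only the CN is compared, because the quoted output shows no SAN list.
    if cn and f["host"] and not name_matches(cn, f["host"]):
        findings.append("name-mismatch")
    return findings

if __name__ == "__main__":
    print(diagnose(CURL_VERBOSE))
```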
