I see, but you need to make one up, just for certbot, because it will store some temporary file there under the ".well-known" directory to ensure you are who you pretend to be.

On 2022/07/04 11:29, Yong Walt wrote:
Thank you Jack.
The problem I have is that I don't have a DocRoot IMO.
I will check this configuration.

Regards.


On Sun, Jul 3, 2022 at 7:53 PM Jacques Deguest <j...@deguest.jp> wrote:

    Re,
    You're probably going to need a DocRoot directive somewhere though.
    You might want to check the sanity of your configuration with
    Apache command line -t flag

    On 2022/07/03 19:32, Jacques Deguest wrote:
    Sure, comment out all the perl stuff that is not required for
    certbot to work, run something like:
    certbot certonly --rsa-key-size 4096 --agree-tos --email yongw...@gmail.com -d luck.cloudcache.net
    Get the cert, and then afterwards uncomment what you previously
    commented out. It should work.

    Regards,
    Jacques

    On 2022/07/03 19:29, Yong Walt wrote:
    This is my httpd.conf.

    <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName luck.cloudcache.net
        PerlPostConfigRequire /etc/apache2/modperl/startup.pl

        <Location />
            SetHandler modperl
            PerlResponseHandler LuckyNum
        </Location>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/luck.access.log combined
    </VirtualHost>



    How do you think I can set up the SSL?


    I asked it just b/c "certbot --apache" doesn't work for this
    handler.


    Thanks.


    On Sun, Jul 3, 2022 at 6:24 PM Jacques Deguest <j...@deguest.jp>
    wrote:

        You do not even need to have a virtualhost with ssl enabled
        for certbot to work.
        You can have a simple VirtualHost responding to regular 80
        port, then get the ssl certificate, then add the VirtualHost
        for SSL and all your modperl specifications to it. Something
        like the following, and once you got the certificate, you
        uncomment the 2nd part.

        ----
        <Virtualhost *:80>
            ServerName api.example.org:80
            ServerAdmin w...@example.org
            DocumentRoot /var/www/api.example.org
            DirectoryIndex "index.html" "index.pl" "index.php"
            CustomLog "/var/log/apache2/api.example.org-access.log" combined
            ErrorLog "/var/log/apache2/api.example.org-error.log"
            LogLevel warn
            <Directory "/var/www/api.example.org">
                Options All +MultiViews -ExecCGI -Indexes -Includes
                AllowOverride All
            </Directory>
            ScriptAlias "/cgi-bin/" "/var/www/api.example.org/cgi-bin/"
            <IfModule mod_alias.c>
                Alias "/icons/" "/var/www/icons/"
            </IfModule>
            <IfModule mod_ssl.c>
                RewriteEngine on
                RewriteRule ^\/?(.*)$ https://%{SERVER_NAME}/$1 [R,L]
            </IfModule>
        </VirtualHost>

        # <IfModule mod_ssl.c>
        #     <VirtualHost *:443>
        #         ServerName api.example.org:443
        #         ServerAdmin w...@example.org
        #         DocumentRoot /var/www/api.example.org
        #         DirectoryIndex "index.html" "index.php"
        #         CustomLog "/var/log/apache2/api.example.org-access.log" combined
        #         ErrorLog "/var/log/apache2/api.example.org-error.log"
        #         LogLevel warn
        #         <Directory "/var/www/api.example.org">
        #             RewriteEngine Off
        #             Options All +MultiViews -ExecCGI -Indexes -Includes
        #             AllowOverride All
        #         </Directory>
        #         ScriptAlias "/cgi-bin/" "/var/www/api.example.org/cgi-bin/"
        #         <Directory "/var/www/api.example.org/cgi-bin/">
        #             RewriteEngine Off
        #             Options All +Includes +ExecCGI -Indexes +MultiViews
        #             AllowOverride All
        #             SetHandler cgi-script
        #             AcceptPathInfo On
        #             Require all granted
        #         </Directory>
        #         <IfModule mod_perl.c>
        #             PerlOptions        +GlobalRequest
        #             PerlPassEnv        MOD_PERL
        #             PerlPassEnv        HOME
        #             PerlPassEnv        SERVER_NAME
        #             PerlPassEnv        HTTP_HOST
        #             PerlPassEnv        REMOTE_ADDR
        #             PerlPassEnv        REMOTE_HOST
        #             PerlPassEnv        PATH_INFO
        #             PerlPassEnv        LC_MESSAGES
        #             PerlPassEnv        LANGUAGE
        #             PerlModule        Apache2::Request
        #             PerlModule        Apache2::Status
        #             PerlModule        Apache::DBI
        #             <Location />
        #                 SetHandler        modperl
        #                 PerlHandler Apache::Registry
        #                 PerlSendHeader      On
        #                 PerlSetupEnv        On
        #                 PerlOptions +GlobalRequest
        #                 Options            +Includes +ExecCGI
        #                 Order allow,deny
        #                 Allow from all
        #             </Location>
        #         </IfModule>
        #
        #         SSLCertificateFile /etc/ssl/private/api.example.org/cert.pem
        #         SSLCertificateKeyFile /etc/ssl/private/api.example.org/privkey.pem
        #         Include /etc/ssl/options-ssl-apache.conf
        #
        #         <IfModule mod_alias.c>
        #             Alias "/icons/" "/var/www/icons/"
        #         </IfModule>
        #     </Virtualhost>
        # </IfModule>
        ----


        On 2022/07/03 19:00, Yong Walt wrote:
        but that vhost has a modperl handler as the endpoint only.

        On Sun, Jul 3, 2022 at 12:19 PM Mithun Bhattacharya
        <mit...@gmail.com> wrote:

            You don't enable SSL for an endpoint, you do it for a
            host/port combination. All endpoints under that virtual
            host are SSL enabled.

            On Sat, Jul 2, 2022, 9:01 PM Yong Walt
            <yongw...@gmail.com> wrote:

                Hello

                When I run certbot --apache for modperl handler
                service, it doesn't work.
                So how can I set up letsencrypt SSL for a pure
                handler web API?

                Thanks





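A pre-flight check for the point made at the top of this thread, that certbot needs a document root in which to store its temporary file under `.well-known`. This is an added example, not code from the thread or from certbot: `preflight` writes a random probe file where that file would go and confirms the web server hands it back over plain HTTP. `HandlerOnly` and `Static` are constructed local stand-ins for a vhost where one handler answers every path and for a vhost with a document root; the `/.well-known/acme-challenge/` path is the one used by HTTP validation.

```python
import http.client, http.server, secrets, threading, urllib.request
from functools import partial
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"  # where the temporary file goes

def preflight(webroot, base_url, timeout=5):
    """Write a random probe under webroot/.well-known/acme-challenge/, fetch it
    over HTTP and report whether the server returned it byte for byte."""
    token, body = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    probe = Path(webroot) / CHALLENGE_DIR / token
    probe.parent.mkdir(parents=True, exist_ok=True)
    probe.write_text(body)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
        with opener.open(url, timeout=timeout) as resp:
            return resp.status == 200 and resp.read() == body.encode()
    except (OSError, http.client.HTTPException):  # 404, refused, timeout...
        return False
    finally:
        probe.unlink(missing_ok=True)  # never leave the probe behind

class Quiet:
    def log_message(self, *args):  # suppress per-request logging
        pass

class HandlerOnly(Quiet, http.server.BaseHTTPRequestHandler):
    """Constructed stand-in: one application handler answers every path."""
    def do_GET(self):
        payload = b"lucky number: 7\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

class Static(Quiet, http.server.SimpleHTTPRequestHandler):
    """Constructed stand-in: files are served from a document root."""

def demo(webroot):
    """Return (handler_only_ok, docroot_ok) against two throwaway servers."""
    results = []
    for handler in (HandlerOnly, partial(Static, directory=str(webroot))):
        with http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler) as srv:
            threading.Thread(target=srv.serve_forever, daemon=True).start()
            try:
                results.append(preflight(webroot, f"http://127.0.0.1:{srv.server_port}"))
            finally:
                srv.shutdown()
    return tuple(results)
```

Against a real host, call `preflight("/path/to/docroot", "http://your.host.name")` before running certbot; a `False` result means the file placed under `.well-known` is not what the server returns for that URL.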