I can't just forward this as the system where we are trying Pound on requests a Let's Encrypt certificate at early stages during creation of the virtual server on port 80 and naturally doesn't find anything there, because Apache listens to port 8080. And in our case it is possible to create entries in the Pound configuration file and restart it only after the Let's Encrypt certificate is requested. And, unfortunately, Let's Encrypt always looks for the verification file at port 80 like, for example:

http://sub.mydomain.com/.well-known/acme-challenge/h5_NnrfdAhQoHdNUsA36cFsnM7E469FM-EZwltWFzqw

It is not possible for us to make Let's Encrypt look for the verification file at

http://sub.mydomain.com:8080/.well-known/acme-challenge/h5_NnrfdAhQoHdNUsA36cFsnM7E469FM-EZwltWFzqw

So it would be wonderful if Pound allowed just passing requests to .well-known directly to Apache. At least that's how it's done on nginx according to the accepted answers on https://serverfault.com/questions/768509/lets-encrypt-with-an-nginx-reverse-proxy or https://serverfault.com/questions/886583/how-to-configure-pound-proxy-to-pass-requests-to-well-known-directory.

Or you can take a look at the relevant discussion and offered solutions on the Let's Encrypt website for nginx on https://community.letsencrypt.org/t/404-on-well-known-acme-challenge/15565/15

Unfortunately, there is no solution offered for Pound. There could be lots of other use cases when bypassing is preferable, so I really hope Pound can do that.

On Tue, Dec 5, 2017 at 3:15 PM, Joe Gooch <[email protected]> wrote:
> Pound doesn’t have its own web server – you can’t give it a folder to read static files from.
>
> You are correct that you can define some error templates, which it outputs verbatim to the stream.
>
> If you wanted to be tricky I guess you could define a service with no backends, and then repurpose the 503 error response.
>
> Or you run the letsencrypt client itself on port 81, and just leave the backend running. (--standalone mode?)
>
> ------
> Joe
>
> From: Christian COMMARMOND <[email protected]>
> Reply-To: "[email protected]" <[email protected]>
> Date: Tuesday, December 5, 2017 at 6:05 PM
> To: "[email protected]" <[email protected]>
> Subject: Re: [Pound Mailing List] How to configure Pound proxy to pass requests to .well-known directory?
>
> Following Joe's advice,
>
> I did not install apache or nginx on the pound server... It itself is able to serve its own error page... So, I am quite sure that the server has the minimum needed to serve the .well_known files.
>
> (At least, I don't remember...)
>
> Best regards to all.
>
> On Dec 5, 2017 at 23:38, "Joe Gooch" <[email protected]> wrote:
>
> I’m not sure I understand the problem.
>
> You can do any number of URL based redirects to whatever ports you wish.
>
> Why isn’t a forward to apache sufficient for your needs? Let's Encrypt just needs a file in that folder, correct?
>
> Another option is to run a local webserver (nginx, etc) on the pound server, on a separate port (i.e. 81), and redirect .well-known URLS to that server. (So you can run the perl script, or whatever)
>
> ------
> Joe
>
> On 12/5/17, 4:14 PM, "Alan" <[email protected]> wrote:
>
> Hi,
>
> I've posted my question on
> https://serverfault.com/questions/886583/how-to-configure-pound-proxy-to-pass-requests-to-well-known-directory,
> however it seems not many people are well familiar with Pound, so I've found out I needed to subscribe to this mailing list to get support.
>
> We have Apache running behind Pound and so we are having troubles with Let's Encrypt requests and renewals, and need to pass requests to the .well-known directory and its sub-directories directly to Apache port.
>
> Could anyone explain how to do this on Pound? Thanks!
>
> --
> To unsubscribe send an email with subject unsubscribe to [email protected].
> Please contact [email protected] for questions.
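
The URL-based forwarding discussed in this thread, as an added example that is not part of the original messages or Pound's own documentation: a Pound 2.x listener with a host-independent service that passes only ACME HTTP-01 challenge paths to Apache, so it can be in place before any per-site entry is written. The 127.0.0.1 backend address and the per-site service are assumptions; port 8080 and sub.mydomain.com come from the thread.

```conf
# Added example; addresses are assumptions, not taken from a real deployment.
ListenHTTP
    Address 0.0.0.0
    Port    80

    # Services are tried in order and the first match wins, so the
    # challenge rule goes first. It has no Host condition, so it also
    # matches hostnames that do not yet have a service of their own.
    # The pattern covers only the ACME HTTP-01 token path, not all of
    # /.well-known/, so nothing else on the backend is reachable
    # through this rule.
    Service
        URL "^/[.]well-known/acme-challenge/[A-Za-z0-9_-]+$"
        BackEnd
            Address 127.0.0.1   # assumption: Apache on the same host
            Port    8080        # Apache port named in the thread
        End
    End

    # Per-site service, added once the site has been created
    # (hypothetical entry for the hostname used in the thread).
    Service
        HeadRequire "Host:[ \t]*sub[.]mydomain[.]com"
        BackEnd
            Address 127.0.0.1
            Port    8080
        End
    End
End
```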
