Re: Certbot error - SOLVED (?)

2023-04-24 Thread Patrick O'Callaghan
On Mon, 2023-04-24 at 10:44 -0700, Samuel Sieb wrote: > On 4/24/23 05:51, Tim via users wrote: > > That site's whole bit about sites-available and sites-enabled, with > > symlinking, is a rat's nest of directories that I've never > > encountered > > before.  We already have an /etc/httpd/conf.d/

Re: Certbot error - SOLVED (?)

2023-04-24 Thread Patrick O'Callaghan
On Mon, 2023-04-24 at 12:27 -0400, Jeffrey Walton wrote: > > Why? Because being unfamiliar with Apache (and Certbot) I was > > foolishly > > following an online step-by-step guide: > > > > https://www.linuxshelltips.com/install-apache-fedora-linux/ > > > > I've since seen the error of my ways

Re: Certbot error - SOLVED (?)

2023-04-24 Thread Samuel Sieb
On 4/24/23 05:51, Tim via users wrote: That site's whole bit about sites-available and sites-enabled, with symlinking, is a rat's nest of directories that I've never encountered before. We already have an /etc/httpd/conf.d/ that can hold all extra config files. And you can easily create an

Re: Certbot error - SOLVED (?)

2023-04-24 Thread Jeffrey Walton
On Mon, Apr 24, 2023 at 5:14 AM Patrick O'Callaghan wrote: > > On Sun, 2023-04-23 at 14:56 -0700, Samuel Sieb wrote: > > On 4/23/23 14:50, Patrick O'Callaghan wrote: > > > I had a look at /var/log/httpd/error_log and found this: > > > > > > httpd: could not open error log file > > >

Re: Certbot error - SOLVED (?)

2023-04-24 Thread Patrick O'Callaghan
On Mon, 2023-04-24 at 22:21 +0930, Tim via users wrote: > Samuel Sieb: > > > As someone else mentioned, why are you writing logs to the web > > > server > > > data directory?  There's a directory (/var/log/httpd) that's > > > already > > > intended for that.  The file context is most likely going

Re: Certbot error - SOLVED (?)

2023-04-24 Thread Tim via users
Samuel Sieb: >> As someone else mentioned, why are you writing logs to the web server >> data directory? There's a directory (/var/log/httpd) that's already >> intended for that. The file context is most likely going to be >> wrong, which is why selinux is (rightly) blocking it. Patrick

Re: Certbot error - SOLVED (?)

2023-04-24 Thread Patrick O'Callaghan
On Sun, 2023-04-23 at 14:56 -0700, Samuel Sieb wrote: > On 4/23/23 14:50, Patrick O'Callaghan wrote: > > I had a look at /var/log/httpd/error_log and found this: > > > > httpd: could not open error log file > > /var/www/bree.org.uk/error.log > > > > I rechecked and that file definitely

Re: Certbot error - SOLVED (?)

2023-04-23 Thread Tim via users
On Sun, 2023-04-23 at 15:29 -0700, Mike Wright wrote: > I don't understand how his logs are accessible to the web. They are not > under the DocumentRoot. error.log is above it and access.log is next to > it. Is it somehow possible for a client to reach above / ? Normally, they aren't. But

Re: Certbot error - SOLVED (?)

2023-04-23 Thread Todd Zullinger
Chris Adams wrote: > Once upon a time, Mike Wright said: >> I don't understand how his logs are accessible to the web. They are >> not under the DocumentRoot. error.log is above it and access.log is >> next to it. Is it somehow possible for a client to reach above / ? > > I didn't look at the

Re: Certbot error - SOLVED (?)

2023-04-23 Thread Chris Adams
Once upon a time, Mike Wright said: > I don't understand how his logs are accessible to the web. They are > not under the DocumentRoot. error.log is above it and access.log is > next to it. Is it somehow possible for a client to reach above / ? I didn't look at the posted configs (I haven't

Re: Certbot error - SOLVED (?)

2023-04-23 Thread Patrick O'Callaghan
On Sun, 2023-04-23 at 18:58 -0400, Jeffrey Walton wrote: > On Sun, Apr 23, 2023 at 6:53 PM Jeffrey Walton > wrote: > > > > On Sun, Apr 23, 2023 at 5:51 PM Patrick O'Callaghan > > wrote: > > > > > > On Mon, 2023-04-24 at 05:06 +0930, Tim via users wrote: > > > > On Sun, 2023-04-23 at 12:21

Re: Certbot error - SOLVED (?)

2023-04-23 Thread Jeffrey Walton
On Sun, Apr 23, 2023 at 6:53 PM Jeffrey Walton wrote: > > On Sun, Apr 23, 2023 at 5:51 PM Patrick O'Callaghan > wrote: > > > > On Mon, 2023-04-24 at 05:06 +0930, Tim via users wrote: > > > On Sun, 2023-04-23 at 12:21 -0700, T.C. Hollingsworth wrote: > > > > Webroot authentication is pretty

Re: Certbot error - SOLVED (?)

2023-04-23 Thread Jeffrey Walton
On Sun, Apr 23, 2023 at 5:51 PM Patrick O'Callaghan wrote: > > On Mon, 2023-04-24 at 05:06 +0930, Tim via users wrote: > > On Sun, 2023-04-23 at 12:21 -0700, T.C. Hollingsworth wrote: > > > Webroot authentication is pretty simple, what trips most people up > > > is > > > it puts it in a dot

Re: Certbot error - SOLVED (?)

2023-04-23 Thread Mike Wright
On 4/23/23 15:08, Chris Adams wrote: Once upon a time, Patrick O'Callaghan said: httpd: could not open error log file /var/www/bree.org.uk/error.log Putting the log under /var/www is very bad practice, as that could be remotely accessible now (and share all kinds of useful information

Re: Certbot error - SOLVED (?)

2023-04-23 Thread Chris Adams
Once upon a time, Patrick O'Callaghan said: > httpd: could not open error log file /var/www/bree.org.uk/error.log Putting the log under /var/www is very bad practice, as that could be remotely accessible now (and share all kinds of useful information to attackers). Rather than do that, and

Re: Certbot error - SOLVED (?)

2023-04-23 Thread Samuel Sieb
On 4/23/23 14:50, Patrick O'Callaghan wrote: I had a look at /var/log/httpd/error_log and found this: httpd: could not open error log file /var/www/bree.org.uk/error.log I rechecked and that file definitely exists and is writable by root (which httpd runs as). However a suspicion arose

Re: Certbot error - SOLVED (?)

2023-04-23 Thread Patrick O'Callaghan
On Mon, 2023-04-24 at 05:06 +0930, Tim via users wrote: > On Sun, 2023-04-23 at 12:21 -0700, T.C. Hollingsworth wrote: > > Webroot authentication is pretty simple, what trips most people up > > is > > it puts it in a dot directory /.well-known/acme-challenge/ and a > > lot > > of open source

Re: Certbot error

2023-04-23 Thread Jeffrey Walton
On Sun, Apr 23, 2023 at 3:20 PM Tim via users wrote: > [...] > >> not secure. There's no obvious indication about who issued the > >> certificate. > > > There is no certificate. > > There was. I could see basic details about it. Yeah, it does not look like there's a listener on 443 at the

Re: Certbot error

2023-04-23 Thread T.C. Hollingsworth
On 4/22/23, Patrick O'Callaghan wrote: > How does Apache set up a > certificate if it's only reachable via port 443, which requires a > certificate? It uses the ALPN feature of SSL/TLS that is ordinarily used to allow clients to select HTTP 2 over the default HTTP 1 to instead allow the Let's

Re: Certbot error

2023-04-23 Thread Tim via users
On Sun, 2023-04-23 at 12:21 -0700, T.C. Hollingsworth wrote: > Webroot authentication is pretty simple, what trips most people up is > it puts it in a dot directory /.well-known/acme-challenge/ and a lot > of open source packages include Apache rules that block dotfiles with > errors to hide these

Re: Certbot error

2023-04-23 Thread T.C. Hollingsworth
On 4/23/23, T.C. Hollingsworth wrote: > On 4/23/23, Patrick O'Callaghan wrote: >> On Mon, 2023-04-24 at 02:36 +0930, Tim via users wrote: >>> If you browse to http://bree.org.uk/ and https://bree.org.uk/ >>> do you get the same results? >>> >> Internally, yes. > > If you want a *publicly*

Re: Certbot error

2023-04-23 Thread Tim via users
Tim: >> If you browse to http://bree.org.uk/ and https://bree.org.uk/ >> do you get the same results? > Patrick O'Callaghan: > Internally, yes. I forgot to mention: You should switch off any HTTPS-only browser plug-ins (if you have any), while doing this kind of test. It's only going to add

Re: Certbot error

2023-04-23 Thread T.C. Hollingsworth
On 4/23/23, Patrick O'Callaghan wrote: > On Mon, 2023-04-24 at 02:36 +0930, Tim via users wrote: >> If you browse to http://bree.org.uk/ and https://bree.org.uk/ >> do you get the same results? >> > Internally, yes. If you want a *publicly* trusted certificate the authentication token from

Re: Certbot error

2023-04-23 Thread Francis . Montagnac
Hi. On Sun, 23 Apr 2023 18:45:10 +0100 Patrick O'Callaghan wrote: > The reason I suspect an Apache problem is as follows: when I configured > the VirtualHost, it was via an included file: > Now when I start Apache I get: > # apachectl restart > Job for httpd.service failed because the control

Re: Certbot error

2023-04-23 Thread Mike Wright
On 4/23/23 10:45, Patrick O'Callaghan wrote: On Mon, 2023-04-24 at 02:36 +0930, Tim via users wrote: If you browse to http://bree.org.uk/ and https://bree.org.uk/ do you get the same results? Internally, yes. If I try web browsing your site, I get the same "books" page to either address. 

Re: Certbot error

2023-04-23 Thread Patrick O'Callaghan
On Sun, 2023-04-23 at 09:33 -0500, Chris Adams wrote: > Once upon a time, Patrick O'Callaghan said: > > BTW 'certbot certonly ..." also failed. I'm 99% sure this is a > > problem > > with my Apache installation. > > I think others have mentioned it, but I would highly suggest using > --webroot

Re: Certbot error

2023-04-23 Thread Patrick O'Callaghan
On Mon, 2023-04-24 at 02:36 +0930, Tim via users wrote: > If you browse to http://bree.org.uk/ and https://bree.org.uk/ > do you get the same results? > Internally, yes. > If I try web browsing your site, I get the same "books" page to > either > address.  There is a HTTPS connection, but it

Re: Certbot error

2023-04-23 Thread Tim via users
On Sun, 2023-04-23 at 15:10 +0100, Patrick O'Callaghan wrote: > I'm 99% sure this is a problem with my Apache installation. On my internal test server, I use virtual hosts for the various websites I maintain (I have local test versions that are exported to the external servers that host the

Re: Certbot error

2023-04-23 Thread Chris Adams
Once upon a time, Patrick O'Callaghan said: > BTW 'certbot certonly ..." also failed. I'm 99% sure this is a problem > with my Apache installation. I think others have mentioned it, but I would highly suggest using --webroot rather than --apache. You have control of the Apache config that way

Re: Certbot error

2023-04-23 Thread Tom Horsley
On Sun, 23 Apr 2023 15:10:58 +0100 Patrick O'Callaghan wrote: > BTW 'certbot certonly ..." also failed. I'm 99% sure this is a problem > with my Apache installation. Well, the apache documentation is only 11,371 pages, so it should be easy to find :-). That's basically why I'm using dnsmasq now

Re: Certbot error

2023-04-23 Thread Patrick O'Callaghan
On Sun, 2023-04-23 at 15:01 +0100, Patrick O'Callaghan wrote: > On Sun, 2023-04-23 at 15:21 +0200, Markus Schönhaber wrote: > > 22.04.23, 23:40 +0200, Patrick O'Callaghan: > > > > > On Sat, 2023-04-22 at 23:31 +0200, Markus Schönhaber wrote: > > > > 22.04.23, 19:42 +0200, Patrick O'Callaghan: > >

Re: Certbot error

2023-04-23 Thread Patrick O'Callaghan
On Sun, 2023-04-23 at 15:21 +0200, Markus Schönhaber wrote: > 22.04.23, 23:40 +0200, Patrick O'Callaghan: > > > On Sat, 2023-04-22 at 23:31 +0200, Markus Schönhaber wrote: > > > 22.04.23, 19:42 +0200, Patrick O'Callaghan: > > > > > > > On Sat, 2023-04-22 at 15:30 +0200, Markus Schönhaber wrote:

Re: Certbot error

2023-04-23 Thread Markus Schönhaber
22.04.23, 23:40 +0200, Patrick O'Callaghan: On Sat, 2023-04-22 at 23:31 +0200, Markus Schönhaber wrote: 22.04.23, 19:42 +0200, Patrick O'Callaghan: On Sat, 2023-04-22 at 15:30 +0200, Markus Schönhaber wrote: If certbot --apache doesn't work, you could try to only fetch the certificates

Re: Certbot error

2023-04-23 Thread Patrick O'Callaghan
On Sat, 2023-04-22 at 16:02 -0700, Mike Wright wrote: > On 4/22/23 14:17, Tim via users wrote: > > > > > Nor should you really have to have a virtual host. > > I think it may be referring to the Apache directive AFAIK this is a limitation specific to Certbot. It's not fundamental to how the

Re: Certbot error

2023-04-22 Thread Tim via users
Tim: >> Nor should you really have to have a virtual host. Mike Wright: > I think it may be referring to the Apache directive So was I. You can have a webserver serving a solitary website. Virtual host configs should only be necessary when you have multiple sites on the same server. Really,

Re: Certbot error

2023-04-22 Thread Mike Wright
On 4/22/23 14:17, Tim via users wrote: Nor should you really have to have a virtual host. I think it may be referring to the Apache directive

Re: Certbot error

2023-04-22 Thread Jeffrey Walton
On Sat, Apr 22, 2023 at 6:12 PM Tim via users wrote: > > On Sat, 2023-04-22 at 14:32 -0700, Samuel Sieb wrote: > > As Patrick said, using port 443 would be a circular dependency. There > > is no "testing" of the cert, this is for providing the cert. > > Ah... I thought it was for checking and

Re: Certbot error

2023-04-22 Thread Samuel Sieb
On 4/22/23 15:11, Tim via users wrote: On Sat, 2023-04-22 at 14:32 -0700, Samuel Sieb wrote: As Patrick said, using port 443 would be a circular dependency.  There is no "testing" of the cert, this is for providing the cert. Ah... I thought it was for checking and auto-renewing certificates

Re: Certbot error

2023-04-22 Thread Tim via users
On Sat, 2023-04-22 at 14:32 -0700, Samuel Sieb wrote: > As Patrick said, using port 443 would be a circular dependency.  There > is no "testing" of the cert, this is for providing the cert. Ah... I thought it was for checking and auto-renewing certificates before expiry (like certwatch). > At

Re: Certbot error

2023-04-22 Thread Patrick O'Callaghan
On Sat, 2023-04-22 at 23:31 +0200, Markus Schönhaber wrote: > 22.04.23, 19:42 +0200, Patrick O'Callaghan: > > > On Sat, 2023-04-22 at 15:30 +0200, Markus Schönhaber wrote: > > > > If certbot --apache doesn't work, you could try to only fetch the > > > certificates and manually configure httpd to

Re: Certbot error

2023-04-22 Thread Samuel Sieb
On 4/22/23 09:27, Peter Boy wrote: With apache you have the advantage that you don't need certbot at all, but apache does everything itself with the help of the md module. Configure as follows: # Letsencrypt certificate management via Apache mod_md # By default, automatically all alternative

Re: Certbot error

2023-04-22 Thread Samuel Sieb
On 4/22/23 14:30, Patrick O'Callaghan wrote: On Sun, 2023-04-23 at 06:47 +0930, Tim via users wrote: On Sat, 2023-04-22 at 18:45 +0100, Patrick O'Callaghan wrote: My understanding is that it needs port 80 for the initial token negotiation to get the certificate to set up HTTPS. Requiring port

Re: Certbot error

2023-04-22 Thread Samuel Sieb
On 4/22/23 14:17, Tim via users wrote: On Sat, 2023-04-22 at 18:45 +0100, Patrick O'Callaghan wrote: My understanding is that it needs port 80 for the initial token negotiation to get the certificate to set up HTTPS. Requiring port 443 would be a circular dependency. So far as I'm aware,

Re: Certbot error

2023-04-22 Thread Patrick O'Callaghan
On Sun, 2023-04-23 at 06:47 +0930, Tim via users wrote: > On Sat, 2023-04-22 at 18:45 +0100, Patrick O'Callaghan wrote: > > My understanding is that it needs port 80 for the initial token > > negotiation to get the certificate to set up HTTPS. Requiring port > > 443 > > would be a circular

Re: Certbot error

2023-04-22 Thread Markus Schönhaber
22.04.23, 19:42 +0200, Patrick O'Callaghan: On Sat, 2023-04-22 at 15:30 +0200, Markus Schönhaber wrote: If certbot --apache doesn't work, you could try to only fetch the certificates and manually configure httpd to actually use them afterwards. I. e. do something like # certbot certonly

Re: Certbot error

2023-04-22 Thread Patrick O'Callaghan
On Sat, 2023-04-22 at 20:35 +0200, Peter Boy wrote: > > > > On 22.04.2023 at 19:48, Patrick O'Callaghan > > wrote: > > > > On Sat, 2023-04-22 at 18:27 +0200, Peter Boy wrote: > > > > > > > > > > On 22.04.2023 at 14:11, Patrick O'Callaghan > > > > wrote: > > > > > > > > I'm trying to set

Re: Certbot error

2023-04-22 Thread Tim via users
On Sat, 2023-04-22 at 18:45 +0100, Patrick O'Callaghan wrote: > My understanding is that it needs port 80 for the initial token > negotiation to get the certificate to set up HTTPS. Requiring port 443 > would be a circular dependency. So far as I'm aware, that's not the case. A HTTPS connection

Re: Certbot error

2023-04-22 Thread Peter Boy
> On 22.04.2023 at 19:48, Patrick O'Callaghan wrote: > > On Sat, 2023-04-22 at 18:27 +0200, Peter Boy wrote: >> >> >>> On 22.04.2023 at 14:11, Patrick O'Callaghan >>> wrote: >>> >>> I'm trying to set up a simple web server for personal use, using >>> Apache, and want to enable HTTPS

Re: Certbot error

2023-04-22 Thread Mike Wright
On 4/22/23 10:26, Todd Zullinger wrote: Mike Wright wrote: I've never seen the port number included as part of the ServerName directive. Try removing that and give it a go. FWIW, the documented syntax¹ for ServerName is: ServerName [scheme://]domain-name|ip-address[:port] The docs go

[OT] was Re: Certbot error

2023-04-22 Thread Joe Zeff
On 04/22/2023 11:41 AM, Patrick O'Callaghan wrote: No. I barely understand Apache and don't want to introduce another variable. If I were writing an encryption package, I think I'd name it Navajo, after the WW II code talkers. I understand that some of the slang they used for things such as

Re: Certbot error

2023-04-22 Thread Patrick O'Callaghan
On Sat, 2023-04-22 at 18:27 +0200, Peter Boy wrote: > > > > On 22.04.2023 at 14:11, Patrick O'Callaghan > > wrote: > > > > I'm trying to set up a simple web server for personal use, using > > Apache, and want to enable HTTPS access. This involves getting an > > SSL > > certificate and I'll be

Re: Certbot error

2023-04-22 Thread Patrick O'Callaghan
On Sun, 2023-04-23 at 00:26 +0930, Tim via users wrote: > On Sat, 2023-04-22 at 13:11 +0100, Patrick O'Callaghan wrote: > > I'm trying to set up a simple web server for personal use, using > > Apache, and want to enable HTTPS access. This involves getting an > > SSL > > certificate and I'll be

Re: Certbot error

2023-04-22 Thread Patrick O'Callaghan
On Sat, 2023-04-22 at 15:30 +0200, Markus Schönhaber wrote: > On 22.04.23 at 14:11, Patrick O'Callaghan wrote: > > > I'm trying to set up a simple web server for personal use, using > > Apache, and want to enable HTTPS access. This involves getting an > > SSL > > certificate and I'll be using

Re: Certbot error

2023-04-22 Thread Patrick O'Callaghan
On Sat, 2023-04-22 at 09:24 -0700, Mike Wright wrote: > On 4/22/23 05:11, Patrick O'Callaghan wrote: > > I'm trying to set up a simple web server for personal use, using > > Apache, and want to enable HTTPS access. This involves getting an > > SSL > > certificate and I'll be using LetsEncrypt

Re: Certbot error

2023-04-22 Thread Patrick O'Callaghan
On Sat, 2023-04-22 at 15:55 +0300, jarmo wrote: > Sat, 22 Apr 2023 13:11:45 +0100 > Patrick O'Callaghan wrote: > > > I'm trying to set up a simple web server for personal use, using > > Apache, and want to enable HTTPS access. This involves getting an > > SSL > > certificate and I'll be

Re: Certbot error

2023-04-22 Thread Todd Zullinger
Mike Wright wrote: > I've never seen the port number included as part of the ServerName > directive. Try removing that and give it a go. FWIW, the documented syntax¹ for ServerName is: ServerName [scheme://]domain-name|ip-address[:port] The docs go on to say: If no port is specified

Re: Certbot error

2023-04-22 Thread Jeffrey Walton
On Sat, Apr 22, 2023 at 8:13 AM Patrick O'Callaghan wrote: > > I'm trying to set up a simple web server for personal use, using > Apache, and want to enable HTTPS access. This involves getting an SSL > certificate and I'll be using LetsEncrypt (www.letsencrypt.org). > > The recommended way to do

Re: Certbot error

2023-04-22 Thread Peter Boy
> On 22.04.2023 at 14:11, Patrick O'Callaghan wrote: > > I'm trying to set up a simple web server for personal use, using > Apache, and want to enable HTTPS access. This involves getting an SSL > certificate and I'll be using LetsEncrypt (www.letsencrypt.org). > > The recommended way to do

Re: Certbot error

2023-04-22 Thread Mike Wright
On 4/22/23 05:11, Patrick O'Callaghan wrote: I'm trying to set up a simple web server for personal use, using Apache, and want to enable HTTPS access. This involves getting an SSL certificate and I'll be using LetsEncrypt (www.letsencrypt.org). The recommended way to do this is with Certbot,

Re: Certbot error

2023-04-22 Thread Mike Wright
On 4/22/23 05:11, Patrick O'Callaghan wrote: I'm trying to set up a simple web server for personal use, using Apache, and want to enable HTTPS access. This involves getting an SSL certificate and I'll be using LetsEncrypt (www.letsencrypt.org). The recommended way to do this is with Certbot,

Re: Certbot error

2023-04-22 Thread Tim via users
On Sat, 2023-04-22 at 13:11 +0100, Patrick O'Callaghan wrote: > I'm trying to set up a simple web server for personal use, using > Apache, and want to enable HTTPS access. This involves getting an SSL > certificate and I'll be using LetsEncrypt (www.letsencrypt.org). > > The recommended way to do

Re: Certbot error

2023-04-22 Thread Markus Schönhaber
On 22.04.23 at 14:11, Patrick O'Callaghan wrote: I'm trying to set up a simple web server for personal use, using Apache, and want to enable HTTPS access. This involves getting an SSL certificate and I'll be using LetsEncrypt (www.letsencrypt.org). The recommended way to do this is with

Re: Certbot error

2023-04-22 Thread jarmo
Sat, 22 Apr 2023 13:11:45 +0100 Patrick O'Callaghan wrote: > I'm trying to set up a simple web server for personal use, using > Apache, and want to enable HTTPS access. This involves getting an SSL > certificate and I'll be using LetsEncrypt (www.letsencrypt.org). Have you thought about

Certbot error

2023-04-22 Thread Patrick O'Callaghan
I'm trying to set up a simple web server for personal use, using Apache, and want to enable HTTPS access. This involves getting an SSL certificate and I'll be using LetsEncrypt (www.letsencrypt.org). The recommended way to do this is with Certbot, but I can't get past this error: # certbot