On 4/22/23 14:30, Patrick O'Callaghan wrote:
On Sun, 2023-04-23 at 06:47 +0930, Tim via users wrote:
On Sat, 2023-04-22 at 18:45 +0100, Patrick O'Callaghan wrote:
My understanding is that it needs port 80 for the initial token
negotiation to get the certificate to set up HTTPS. Requiring port
443
would be a circular dependency.
[...]
And, testing that: If I disable all port 80 connections, I can
connect
to my webserver using HTTPS over port 443.
Their error message seems to indicate that *it* wants a connection
response from the webserver on port 80 with your site's domain name
in
the response headers (to prove you own the site). This seems to be a
bizarre requirement. Possibly the cert checker needs programming
better, rather than Apache needing something done to it.
That's entirely possible of course.
Nor should you really have to have a virtual host. You could be a
webserver that you own totally and it only serves your website. It
seems some oddball demands from the cert checker.
I do agree with that. I think it's a specific limitation of Certbot
itself, which (from discussions on the LetsEncrypt site) actually
messes with your Apache config while it's doing its testing. Other
implementations of the ACME protocol don't seem to require this, but
I'm just guessing.
There are other methods. You can tell it where the webroot is (as
described by Markus), you can have certbot run its own web server, you
can use a DNS entry, etc.
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
