James,

On 8/18/20 19:47, James H. H. Lampert wrote:
> Something just worked, that I wasn't expecting to work. Or rather,
> I was expecting it to work, but kill cert renewal.
>
> The port 80 virtual host had
>> RewriteEngine on
>> RewriteCond %{HTTP_HOST} !^www\. [NC]
>> RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
>
> which I commented out, because https for that virtual host is a
> pure front-end for Tomcat, and of course, Certbot needs to stick
> something on the server that Let's Encrypt is expecting to be able
> to find.
>
> So a few minutes ago, just for test purposes, I uncommented the
> above lines. Initially, it didn't work (it redirected the browser
> from http://foo.bar.com to a nonexistent https://www.foo.bar.com),
> but when I removed the "www" in the RewriteRule, changing the block
> to
>> RewriteEngine on
>> RewriteCond %{HTTP_HOST} !^www\. [NC]
>> RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
>
> it worked just fine.
>
> So then, I did a "certbot renew --force-renewal" (expecting it to
> fail on the relevant cert), but in fact, it renewed just fine.
>
> Not to look a gift equine in the masticatory orifice, but what am
> I missing here? What went right, when I was expecting it to go
> wrong? Why didn't the "rewrite" lines break renewal?

Why would you think that redirecting from http -> https would block
renewal?

-chris