James,

On 8/18/20 19:47, James H. H. Lampert wrote:
> Something just worked, that I wasn't expecting to work. Or rather,
> I was expecting it to work, but kill cert renewal.
>
> The port 80 virtual host had
>> RewriteEngine on
>> RewriteCond %{HTTP_HOST} !^www\. [NC]
>> RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
>
> which I commented out, because https for that virtual host is a
> pure front-end for Tomcat, and of course, Certbot needs to stick
> something on the server that Let's Encrypt is expecting to be able
> to find.
>
> So a few minutes ago, just for test purposes, I uncommented the
> above lines. Initially, it didn't work (it redirected the browser
> from http://foo.bar.com to a nonexistent https://www.foo.bar.com),
> but when I removed the "www" in the RewriteRule, changing the block
> to
>> RewriteEngine on
>> RewriteCond %{HTTP_HOST} !^www\. [NC]
>> RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
>
> it worked just fine.
>
> So then, I did a "certbot renew --force-renewal" (expecting it to
> fail on the relevant cert), but in fact, it renewed just fine.
>
> Not to look a gift equine in the masticatory orifice, but what am
> I missing here? What went right, when I was expecting it to go
> wrong? Why didn't the "rewrite" lines break renewal?

Why would you think that redirecting from http -> https would block renewal?

-chris
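
The two rule variants quoted in the message above can be traced with a small model, given here as an added example that is not part of the original e-mails. It is a simplified stand-in for mod_rewrite (one condition, one rule, server context), and the sample requests and the `EXAMPLE_TOKEN` challenge path are constructed, on the assumption that renewal uses an HTTP-01 challenge.

```python
import re

# Constructed model of the two port-80 rule variants quoted in the thread.
# Simplified: one RewriteCond, one RewriteRule with [R=301,L], server context only.
COND = re.compile(r"^www\.", re.IGNORECASE)  # RewriteCond %{HTTP_HOST} !^www\. [NC]
VARIANTS = {
    "original": "https://www.%{HTTP_HOST}%{REQUEST_URI}",
    "modified": "https://%{HTTP_HOST}%{REQUEST_URI}",
}

def evaluate(variant, host, path, query=""):
    """Return (status, location) for a plain-HTTP request; (None, None) means no redirect."""
    # The condition is negated: the rule fires only when Host does NOT start with "www."
    if COND.search(host):
        return None, None
    # The pattern ^(.*)$ matches any path, so the substitution always applies.
    location = (VARIANTS[variant]
                .replace("%{HTTP_HOST}", host)
                .replace("%{REQUEST_URI}", path))
    # mod_rewrite carries the original query string over when the substitution has none.
    if query:
        location += "?" + query
    return 301, location

# Constructed sample requests; the token is a placeholder, not a real challenge value.
CHALLENGE = "/.well-known/acme-challenge/EXAMPLE_TOKEN"
SAMPLES = [
    ("foo.bar.com", "/", ""),
    ("foo.bar.com", CHALLENGE, ""),
    ("WWW.foo.bar.com", "/app", "x=1"),
    ("foo.bar.com", "/app", "x=1"),
]

def report():
    """Evaluate every sample request against both rule variants."""
    return [(variant, host, path, evaluate(variant, host, path, query))
            for variant in VARIANTS
            for host, path, query in SAMPLES]

if __name__ == "__main__":
    for variant, host, path, result in report():
        print(f"{variant:9} http://{host}{path} -> {result}")
```

With the modified rule the challenge request is sent to the same host name over HTTPS, and Let's Encrypt's HTTP-01 validation follows redirects, so the 301 alone does not make the check fail. Neither variant redirects a host that already starts with `www.`, because the negated condition is unchanged.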