James,

On 8/24/20 11:45, James H. H. Lampert wrote:
> On 8/22/20 7:35 AM, Christopher Schultz wrote:
>
>>> (1) every http request is unconditionally redirected to https:
>>>
>>> RewriteEngine on
>>> RewriteCond %{HTTP_HOST} !^www\. [NC]
>>> RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
>>
>> This is not unconditional. That's what "RewriteCond" does: it
>> sets up a condition :)
>>
>> If Let's Encrypt requests http://www.yoursite.com/ then it won't
>> be redirected.
> . . .
>> What domains are you asking LE to certify?
>
> Except that the "www." prefix subdomain is undefined. There's no
> entry for it in Amazon Route 53; it was deliberately *not* given in
> the initial provisioning of the cert from LE, and it's *not* in the
> certbot configuration file for the subdomain.

So your RewriteCond[ition] is expected to always be true? Okay. Maybe remove it, then?

BTW I think your rewrite will strip query strings and stuff like that. Maybe you just want RedirectPermanent instead of Rewrite(Cond|Rule)?

Okay, so everyone gets redirected from http://example.com/ to https://example.com/.

If LE requests http://example.com/.well-known/uherfhuerhfiu then it will be redirected to https://example.com/.well-known/uherfhuerhfiu, presumably locate the correct file and authorize the certificate request, right?

But you have said that "everything is unconditionally passed to Tomcat". You posted some config that definitely passes some things to Tomcat, but without seeing the rest of the <VirtualHost> configuration it's not possible to know for sure nothing else is going on.

-chris
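
The arrangement discussed in this message, as an added example that is not part of the original post and is not either poster's actual configuration: a port-80 virtual host that redirects with mod_alias, and an HTTPS virtual host that answers ACME challenge requests from disk before anything is handed to Tomcat. It assumes mod_proxy is the connector in use; the hostname `example.com`, the webroot `/var/www/acme`, the certificate paths and the backend address `127.0.0.1:8080` are placeholders.

```apache
# Added example. Hostname, paths and backend address are placeholders.
# Requires mod_alias, mod_ssl, mod_proxy and mod_proxy_http.

<VirtualHost *:80>
    ServerName example.com

    # mod_alias redirect: every request goes to the same path on the HTTPS
    # site, with no RewriteCond involved, so nothing is conditional.
    Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com

    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

    # Challenge files are served by httpd itself from a local directory
    # (assumes certbot is run with: --webroot -w /var/www/acme).
    Alias /.well-known/acme-challenge/ /var/www/acme/.well-known/acme-challenge/
    <Directory /var/www/acme/.well-known/acme-challenge/>
        Require all granted
    </Directory>

    # "!" excludes this path from proxying. It must appear before the
    # catch-all ProxyPass, because the first matching rule is used.
    ProxyPass /.well-known/acme-challenge/ !

    # Everything else is passed to Tomcat.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

Requesting a test file under `/.well-known/acme-challenge/` over plain HTTP and following the redirect shows whether httpd or Tomcat produced the response.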