James,

On 8/24/20 11:45, James H. H. Lampert wrote:
> On 8/22/20 7:35 AM, Christopher Schultz wrote:
>
>>> (1) every http request is unconditionally redirected to https:
>>>
>>> RewriteEngine on
>>> RewriteCond %{HTTP_HOST} !^www\. [NC]
>>> RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
>>
>> This is not unconditional. That's what "RewriteCond" does: it
>> sets up a condition :)
>>
>> If Let's Encrypt requests http://www.yoursite.com/ then it won't
>> be redirected.
> . . .
>> What domains are you asking LE to certify?
>
> Except that the "www." prefix subdomain is undefined. There's no
> entry for it in Amazon Route 53; it was deliberately *not* given in
> the initial provisioning of the cert from LE, and it's *not* in the
> certbot configuration file for the subdomain.

So your RewriteCond[ition] is expected to always be true? Okay. Maybe
remove it, then? BTW I think your rewrite will strip query strings and
stuff like that. Maybe you just want RedirectPermanent instead of
Rewrite(Cond|Rule)?

Okay, so everyone gets redirected from http://example.com/ to
https://example.com/. If LE requests
http://example.com/.well-known/uherfhuerhfiu then it will be
redirected to https://example.com/.well-known/uherfhuerhfiu,
presumably locate the correct file and authorize the certificate
request, right?

But you have said that "everything is unconditionally passed to
Tomcat". You posted some config that definitely passes some things to
Tomcat, but without seeing the rest of the <VirtualHost> configuration
it's not possible to know for sure nothing else is going on.

-chris
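One way to configure the setup discussed in this thread, added here as an example and not taken from either poster's server: a port-80 redirect with no condition, and an HTTPS virtual host that serves Let's Encrypt http-01 challenge files from disk before anything is passed to Tomcat. It assumes mod_alias, mod_ssl and mod_proxy_http; the host name, certificate paths, webroot directory and Tomcat address are placeholders.

```apache
# Added example; hostnames, paths and the Tomcat address are assumptions.

# Port 80: redirect everything, with no RewriteCond, using mod_alias.
<VirtualHost *:80>
    ServerName example.com
    # Anything after "/" in the request path is appended to the target URL.
    Redirect permanent / https://example.com/
</VirtualHost>

# Port 443: answer ACME http-01 challenges from disk, proxy the rest.
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

    # Assumed webroot handed to certbot (--webroot -w /var/www/letsencrypt).
    Alias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/
    <Directory /var/www/letsencrypt/.well-known/acme-challenge/>
        Require all granted
    </Directory>

    # The "!" exclusion must come before the catch-all ProxyPass.
    ProxyPass        /.well-known/acme-challenge/ !
    ProxyPass        / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>
```

Let's Encrypt follows the redirect from port 80 to port 443, so the challenge request ends up at the Alias in the second virtual host rather than at Tomcat.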