[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] LetsEncrypt / EPrints Rewrite rules

I've been looking at the instructions here:
and wondering how they actually work alongside an EPrints install.

In the EPrints::Apache::Rewrite module (which would normally handle anything in the EPrints' domain, there is a specific rule declining access to anything including '/.'.
The normal LetsEncrypt issuance/renewal process uses an asynchronous challenge/response to the server - normally to a URL like:
http://DOMAIN/.well-known/acme-challenge/[random<http://DOMAIN/.well-known/acme-challenge/%5brandom> string]

This contains the '/.' string, so the EPrints stack rejects the request.

There are two resolutions to this:

1)      Add a rule to the Apache config to prevent the EPrints stack handling the '.well-known' directory

2)      Add a URL rewrite trigger to serve the '.well-known' directory (if it exists).

For my test server, I have gone down the second of these routes - and will add details to the Wiki page.

Can someone using LetsEncrypt confirm that the above is correct - and provide an example of the Apache config used?
There may be other approaches - LetsEncrypt has various mechanisms, but the Apache or Webroot ones are the most relevant here I think.


John Salter

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20200507/b5618b23/attachment.html