Let's Encrypt needs to be sure that the bot asking for a certificate to be signed (the ACME client) is really acting on behalf of the domain that it claims to control.
It does this with a challenge/response mechanism: for each name in the certificate it fetches a file from a well-known path on that host over plain HTTP (port 80) and checks that the content is what it told the client to publish there.
The challenge configuration therefore needs to be put into every virtual host that serves a name in the certificate family,
i.e. in the .cnf file the name listed under commonName
and any DNS.1, DNS.2, etc. entries in the subjectAltName section.
To help you with this the InitialSetup script will have created a
file httpd.conf.challenge that probably contains:
# This you should put into the vhosts that listen on port 80
# on the first edit of Apache configuration.
# It makes the challenge directory visible to Let's Encrypt:
RewriteEngine On
Alias /.well-known/acme-challenge/ "/var/www/acme/acme-challenge/"
RewriteRule "^/.well-known/acme-challenge/" - [L]
<Directory "/var/www/acme/acme-challenge/">
    Options Indexes MultiViews
    AllowOverride None
    # Apache 2.2 access control; on Apache 2.4 replace the next two lines
    # with: Require all granted
    Order allow,deny
    Allow from all
</Directory>
The contents of httpd.conf.challenge should be put at the start of
the <VirtualHost *:80> definition, with only the ServerAdmin,
DocumentRoot, ServerName, ServerAlias, ErrorLog and CustomLog
directives before it. E.g.:
<VirtualHost *:80>
    ServerAdmin bofh@example.com
    DocumentRoot /var/www/example/html
    ServerName www.example.com
    ServerAlias devel.example.com
    ErrorLog logs/example/error_log
    CustomLog logs/example/access_log combined
    # Contents of httpd.conf.challenge, placed before any other rewrite rules
    # so that challenge requests are served from the Alias and not redirected.
    RewriteEngine On
    Alias /.well-known/acme-challenge/ "/var/www/acme/acme-challenge/"
    RewriteRule "^/.well-known/acme-challenge/" - [L]
    <Directory "/var/www/acme/acme-challenge/">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
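Before asking Let's Encrypt to sign anything, it is worth confirming that every name in the .cnf really serves the challenge path through the vhost above. The following pre-flight script is an added example, not part of this tutorial or of acme_tiny.py: it collects the commonName and DNS.N entries from the CSR config, drops a throwaway token into the Alias directory and fetches it over port 80 for each name, the same way the HTTP-01 validator does. SAMPLE_CNF is a constructed stand-in for your real .cnf; CHALLENGE_DIR is the Alias target from this page.

```python
import re
import secrets
import urllib.request
from pathlib import Path

# The Alias target used in the vhost configuration on this page.
CHALLENGE_DIR = "/var/www/acme/acme-challenge"

# Constructed sample of the openssl .cnf used for the CSR (not a real file).
SAMPLE_CNF = """
[ req_distinguished_name ]
commonName = www.example.com
[ alt_names ]
DNS.1 = www.example.com
DNS.2 = devel.example.com
"""
# Matches the commonName line and every DNS.N entry, capturing the host name.
NAME_RE = re.compile(r"^\s*(?:commonName|DNS\.\d+)\s*=\s*(\S+)", re.M)

def names_from_cnf(text):
    """Return the certificate's names in first-seen order, without duplicates."""
    names = []
    for name in NAME_RE.findall(text):
        if name not in names:
            names.append(name)
    return names

def probe_name(name, token, expected, timeout=10):
    """Fetch the token over plain HTTP, as the HTTP-01 validator does; returns (ok, detail)."""
    url = "http://%s/.well-known/acme-challenge/%s" % (name, token)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
    except Exception as exc:  # DNS failure, connection refused, 404, wrong vhost ...
        return False, "%s: %s" % (url, exc)
    return body == expected, "%s: got %r" % (url, body[:40])

def check_all(cnf_text, challenge_dir=CHALLENGE_DIR, probe=probe_name):
    """Write a throwaway token into the challenge directory, probe every name, then clean up."""
    token = secrets.token_urlsafe(16)
    expected = "probe-" + token + "\n"
    path = Path(challenge_dir) / token
    path.write_text(expected)
    try:
        # Maps each name to (served correctly?, detail) so a failing vhost is easy to spot.
        return {n: probe(n, token, expected) for n in names_from_cnf(cnf_text)}
    finally:
        path.unlink(missing_ok=True)
```

Run `check_all(Path("your.cnf").read_text())` on the web server itself; any name whose result is False is not serving the Alias on port 80 and will fail the challenge.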