acme-client and multiple domains periodic renewal
Peter Boosten
peter at boosten.org
Thu Jan 18 23:10:04 UTC 2018
Hi David,
I’ve defined the acme alias for every virtual host:
<VirtualHost something>
    Alias /.well-known/acme-challenge "/usr/local/www/acme/"
    SSLCertificateFile …
    SSLEngine on
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTPS} !=on
        # REQUEST_URI already begins with a slash, so none is added after the host
        RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
    </IfModule>
    <Directory "/usr/local/www/acme/">
        Options None
        AllowOverride None
        ForceType text/plain
        Require all granted
    </Directory>
</VirtualHost>
The main difference between your configuration and mine is the Alias. It took me a while to get this right.
/usr/local/etc/acme/acme-client.sh holds this:
BASEDIR="/usr/local/etc/acme"
SSLDIR="/usr/local/etc/ssl/acme"
DOMAINSFILE="${BASEDIR}/domains.txt"
CHALLENGEDIR="/usr/local/www/acme"
and
domains.txt:
domain.one www.domain.one sub.domain.one sub2.domain.one
I did some troubleshooting by running the acme-client (in /usr/local/bin) manually (don’t forget the -s, or else you will be blocked for some time).
Peter
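
Added example, not part of the original message: a pre-flight check that every name in domains.txt really serves the challenge directory through the Alias, so a missing Alias on one virtual host shows up before acme-client is run against the CA. The paths are the ones quoted above; the probe file name, the FETCH hook and the script name preflight.sh are assumptions of this example.

```shell
#!/bin/sh
# Pre-flight check: does every name in domains.txt serve CHALLENGEDIR under
# /.well-known/acme-challenge/? Paths are the ones from the post; the probe
# file name and the FETCH hook are assumptions of this example.
DOMAINSFILE="${DOMAINSFILE:-/usr/local/etc/acme/domains.txt}"
CHALLENGEDIR="${CHALLENGEDIR:-/usr/local/www/acme}"

# Default fetcher. -L follows the HTTP-to-HTTPS redirect; -k because the
# certificate being renewed may be expired and the probe carries no secret.
fetch_url() { curl -fsSLk --max-time 10 "$1"; }
FETCH="${FETCH:-fetch_url}"

# Print every whitespace-separated name in the domains file, one per line.
list_domains() {
    tr -s ' \t' '\n\n' < "$1" | sed -e '/^$/d'
}

# Drop a random probe file into CHALLENGEDIR, request it through each name,
# and compare the body. Returns the number of names that failed.
check_challenge_alias() {
    token="preflight-$$-$(date +%s)"
    expected="probe-$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
    printf '%s' "$expected" > "${CHALLENGEDIR}/${token}" || return 255
    failed=0
    for name in $(list_domains "$DOMAINSFILE"); do
        url="http://${name}/.well-known/acme-challenge/${token}"
        got=$("$FETCH" "$url" 2>/dev/null) || got=""
        if [ "$got" = "$expected" ]; then
            echo "ok   ${name}"
        else
            echo "FAIL ${name}"
            failed=$((failed + 1))
        fi
    done
    rm -f "${CHALLENGEDIR}/${token}"
    return "$failed"
}

# Run only when invoked as: sh preflight.sh run
if [ "${1:-}" = "run" ]; then
    check_challenge_alias
    exit $?
fi
```

A name reported as FAIL is served by a virtual host that lacks the Alias or does not answer for that name.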