[BlueOnyx:22950] Re: Lets encrypt - renew for root name fail
Michael Stauber
mstauber at blueonyx.it
Sun Jun 16 16:21:15 -05 2019
Hi Thomas,
> is home/.acme/ the right place for the token ?
Yes, see:
[root@ ~]# cat /etc/httpd/conf.d/acme_sh.conf
Alias /.well-known/acme-challenge/ /home/.acme/
<Directory "/home/.acme/">
Options FollowSymLinks
AllowOverride None
ForceType text/plain
RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
Require all granted
</Directory>
In the past (before we redirected the /.well-known/acme-challenge calls
to /home/.acme/) it was always possible that an .htaccess file or other
Apache config related setting might interfere with the validation.
This created too much unnecessary support overhead both for our users as
well as for us.
Check your /var/log/letsencrypt/letsencrypt.log for a more detailed
error message. It could be that one alias didn't verify or that there
were IPv6 issues or things like that.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list