[BlueOnyx:21300] Re: LetsEncrypt error on 5208R admserv

Michael Stauber mstauber at blueonyx.it
Mon Aug 28 10:25:24 -05 2017


Hi Chris,

> Symptom: when requesting letsencrypt cert from Server Management >
> Security > SSL > 'Let's Encrypt!' the following red error occurs:
> The following error occured during the SSL certificate request: The
> installation path for the certificates could not be determined.
> 
> From checking /var/log/messages and /var/log/httpd/access_log, I can see
> that when the callback for the acme-challenge takes place, it gets a 301
> redirect from the server's hostname to the site on the server with the
> same domain, but the www hostname.

When LE does the online verification for the AdmServ certificate, it
doesn't connect to AdmServ, because it is not aware of it. So the
ACME-challenge contacts the regular webserver at port 80.

Say you have this setup:

  - server.domain.com (server name)
  - www.domain.com (existing Vsite)

When someone connects to http://server.domain.com/ Apache will use the
DocumentRoot of /var/www/html/ for this call and that is also where the
LE client has created the .well-known directory needed for the AdmServ
ACME-challenge. There is usually only an index.html in it that does a
redirect to port 444 and all 404 errors will also be redirected to the
respective GUI error pages.

In your case the connection request to http://server.domain.com seems to
terminate in another DocumentRoot.

I'd suggest testing this by creating a text file in /var/www/html/ and
then trying to connect to that text file with a browser from the outside
to see what you get when you try to access it.

Perhaps there is something wrong with the A Record of
"server.domain.com" or maybe there is some modification to Apache in
place (RewriteRule, change of paths or other) that moves the access
request to a DocumentRoot other than the expected /var/www/html/.

-- 
With best regards

Michael Stauber
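
The probe-file test suggested above can be scripted with curl instead of a browser. This is an added example, not part of the original message or of BlueOnyx; the file name `le-probe.txt`, the token and the function names are hypothetical, and the sample response is constructed to mirror the 301 to the www hostname described in the report.

```shell
#!/bin/sh
# Step 1 (on the server, as root): drop a probe file into the default DocumentRoot.
#   echo "constructed-token-1234" > /var/www/html/le-probe.txt   # hypothetical name/token
# Step 2 (from an outside machine): fetch it without following redirects.

# classify_probe HOST TOKEN
# Reads a raw HTTP response (as printed by `curl -si`) on stdin and prints:
#   served                     200 and the body contains TOKEN
#   wrong-content              200 but TOKEN is missing (another DocumentRoot answered)
#   redirect-other-host NAME   3xx whose Location points at a different host
#   redirect-same-host         3xx that stays on HOST (or is relative)
#   status-CODE                anything else
classify_probe() {
    awk -v host="$1" -v token="$2" '
        { sub(/\r$/, "") }                      # strip CR from CRLF line ends
        NR == 1 { status = $2; next }           # "HTTP/1.1 301 Moved ..." -> 301
        !body && $0 == "" { body = 1; next }    # blank line ends the headers
        !body && tolower($1) == "location:" { loc = $2 }
        body && index($0, token) { found = 1 }
        END {
            if (status == "200") { print (found ? "served" : "wrong-content"); exit }
            if (status ~ /^30[1278]$/) {
                h = tolower(loc)
                sub("^[a-z]+://", "", h)        # drop scheme
                sub("[/:].*$", "", h)           # drop port and path
                if (h != "" && h != tolower(host)) print "redirect-other-host " h
                else print "redirect-same-host"
                exit
            }
            print "status-" status
        }'
}

# Live check, run from outside the server: probe_from_outside HOST FILE TOKEN
probe_from_outside() {
    curl -si --max-time 10 "http://$1/$2" | classify_probe "$1" "$3"
}

# Constructed sample: the server hostname answers with a 301 to the www Vsite.
SAMPLE_301='HTTP/1.1 301 Moved Permanently
Location: http://www.domain.com/le-probe.txt

'
printf '%s' "$SAMPLE_301" | classify_probe server.domain.com constructed-token-1234
```

A result of `redirect-other-host` or `wrong-content` means the request for the server hostname is not ending up in /var/www/html/, which is the condition the ACME challenge for AdmServ would also hit.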


