Redirect to external URL & Letsencrypt - Chrome 90 will make https default

Discussion in 'Installation/Configuration' started by Holger Janning, Apr 7, 2021.

  1. Holger Janning

    Holger Janning New Member

    Hello, starting with Chrome version 90, HTTPS will be the default, so I thought it would be a great idea if I could create SSL certificates for all my "redirect hosts".

    But if I try to get SSL certificates for redirected domains as alias domains, Let's Encrypt cannot verify them, because it cannot access the ".well-known/..." directory.

    I found an old thread with the same problem:
    https://www.howtoforge.com/communit...rnal-url-but-letsencrypt-on-own-server.83890/

    But there was no answer on how I could create the "excluded folders". I'm using apache2 on Ubuntu 18.04 PFS.
    Kind regards, Holger
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Are you on current ISPConfig? If not, see if that fixes it. If so, do you have conf-custom templates that might need updating? Try the Let's Encrypt error FAQ post to troubleshoot.
     
  3. Holger Janning

    Holger Janning New Member

    Thanks. I am on 3.24 and just followed the Let's Encrypt FAQ post. I ran Tools / Resync for all services, but it still does not work.
    I have not configured any web server templates or any directives. Let's Encrypt is running fine for all hosts without any redirects.

    Code:
    2021-04-07 21:06:35,391:DEBUG:certbot.plugins.webroot:Removing /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/dsa_PKskpubUZTv0nZ0YkQumJwGAA7CWHW5_iRMbx5Y
    2021-04-07 21:06:35,391:DEBUG:certbot.plugins.webroot:All challenges cleaned up
    2021-04-07 21:06:35,391:DEBUG:certbot.log:Exiting abnormally:
    Traceback (most recent call last):
      File "/usr/bin/letsencrypt", line 11, in <module>
        load_entry_point('certbot==0.23.0', 'console_scripts', 'certbot')()
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1266, in main
        return config.func(config, plugins)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 1157, in certonly
        lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
      File "/usr/lib/python3/dist-packages/certbot/main.py", line 118, in _get_and_save_cert
        lineage = le_client.obtain_and_enroll_certificate(domains, certname)
      File "/usr/lib/python3/dist-packages/certbot/client.py", line 350, in obtain_and_enroll_certificate
        cert, chain, key, _ = self.obtain_certificate(domains)
      File "/usr/lib/python3/dist-packages/certbot/client.py", line 294, in obtain_certificate
        orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
      File "/usr/lib/python3/dist-packages/certbot/client.py", line 330, in _get_order_and_authorizations
        authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
      File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 80, in handle_authorizations
        self._respond(aauthzrs, resp, best_effort)
      File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 153, in _respond
        self._poll_challenges(aauthzrs, chall_update, best_effort)
      File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 224, in _poll_challenges
        raise errors.FailedChallenges(all_failed_achalls)
    certbot.errors.FailedChallenges: Failed authorization procedure. www.ferienwohnung-bisonblick.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.tierpark-nordhorn.de/bisonblick/ [88.198.220.229]: "<!DOCTYPE html>\n<html class=\"no-overflow-y avada-html-layout-boxed avada-html-header-position-top avada-html-has-bg-image\" lang=", ferien-im-zoo.de (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://ferien-im-zoo.de/.well-known/acme-challenge/cK1V9ejI6GgzGcRgq9500JexJ_tc0pmu9aA6Tnvi6xI: Timeout during connect (likely firewall problem), www.dierentuin-duitsland.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.dierentuin-nordhorn.nl/ [88.198.220.229]:
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  5. Holger Janning

    Holger Janning New Member

    I'm using apache2, so I don't think this could be the problem, or is there anything I need to change in the Apache config?
     
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Nope, in that case this is not your problem.
    Do you have a .htaccess or Apache directives for this web?
     
  7. Holger Janning

    Holger Janning New Member

    No, just basic host configuration, all with default settings.
     
  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    There is a redirection happening, so there must be a .htaccess file, Apache directive, or something set up in the redirect tab.
     
  9. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Do you have the /etc/apache2/sites-enabled/99-acme.conf (symlink) with .well-known/acme-challenge alias? What are the ownership and permissions on /usr/local/ispconfig/interface/acme/, /usr/local/ispconfig/interface/acme/.well-known/ and /usr/local/ispconfig/interface/acme/.well-known/acme-challenge ?
     
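The checks Jesse asks for in the post above, plus a look for the site-wide redirect Th0m suspects in post 8, as a script you can point at the server. This is an added example, not code from the thread and not ISPConfig's own tooling. It assumes the Debian/Ubuntu Apache layout (sites-enabled/99-acme.conf symlink) and the ISPConfig acme webroot that appears in the certbot log; the directive patterns it greps for (Redirect / ..., RewriteRule ^(.*)$ ...) are a heuristic for what the Redirect tab or a .htaccess produces, and the exemption it looks for is the usual RewriteCond that keeps /.well-known/acme-challenge/ out of such a redirect, which is the "excluded folder" Holger's first post asks about. A redirect without that exemption is what the log's "Invalid response from https://www.tierpark-nordhorn.de/bisonblock/" looks like from the CA's side: the challenge request was forwarded to the other site and Let's Encrypt got its HTML back. The "Timeout during connect" for ferien-im-zoo.de is a different problem (the bare domain is not reachable on port 80 at all) and this script does not cover it.

```shell
#!/bin/sh
# Added example (not from the thread, not ISPConfig's tooling): the checks from
# Jesse's post, plus a redirect check, as functions that take their paths as
# arguments so the same code can be run against any directory tree.
# Assumptions: Debian/Ubuntu Apache layout (sites-enabled/99-acme.conf symlink)
# and the ISPConfig acme webroot seen in the certbot log.

# check_acme_alias SITES_ENABLED_DIR
# 99-acme.conf must be an enabled, non-dangling symlink whose target carries an
# Alias for /.well-known/acme-challenge; without it Apache answers the challenge
# URL from the vhost's own document root (or its redirect) instead.
check_acme_alias() {
    conf="$1/99-acme.conf"
    [ -L "$conf" ] || { echo "FAIL: $conf is missing or not a symlink"; return 1; }
    [ -r "$conf" ] || { echo "FAIL: $conf is a dangling symlink"; return 1; }
    grep -Eq '^[[:space:]]*Alias[[:space:]]+/\.well-known/acme-challenge' "$conf" \
        || { echo "FAIL: no 'Alias /.well-known/acme-challenge' in $conf"; return 1; }
    echo "ok: $conf aliases /.well-known/acme-challenge"
}

# check_acme_dirs ACME_WEBROOT
# The webroot and both subdirectories must exist and be traversable by the
# Apache worker, i.e. carry the world-execute bit (certbot writes the challenge
# file as root; the worker only needs to read it). ls -ld is printed so the
# ownership Jesse asks about is visible as well.
check_acme_dirs() {
    rc=0
    for d in "$1" "$1/.well-known" "$1/.well-known/acme-challenge"; do
        if [ ! -d "$d" ]; then
            echo "FAIL: missing directory $d"; rc=1; continue
        fi
        # 10th character of ls -ld output is the 'other' execute bit (x, or t if sticky)
        case "$(ls -ld "$d" | cut -c10)" in
            x|t) echo "ok: $(ls -ld "$d")" ;;
            *)   echo "FAIL: not world-traversable: $(ls -ld "$d")"; rc=1 ;;
        esac
    done
    return $rc
}

# check_vhost_redirect VHOST_FILE
# A site-wide Redirect or catch-all RewriteRule also swallows requests for
# /.well-known/acme-challenge/, so the CA follows it and sees the other site's
# HTML. Flag such a rule unless a RewriteCond exempting the challenge path is
# present. Path-specific Redirects (Redirect /old /new) are left alone.
check_vhost_redirect() {
    f="$1"
    if ! grep -Eq '^[[:space:]]*(Redirect[[:space:]]+((permanent|temp|30[1-8])[[:space:]]+)?/[[:space:]]|RedirectMatch[[:space:]]|RewriteRule[[:space:]]+\^?\(?\.\*)' "$f"; then
        echo "ok: $f has no site-wide redirect"
        return 0
    fi
    if grep -Eq '^[[:space:]]*RewriteCond[[:space:]]+%.REQUEST_URI.[[:space:]]+!\^?/\\?\.well-known/acme-challenge' "$f"; then
        echo "ok: $f redirects but exempts /.well-known/acme-challenge/"
        return 0
    fi
    cat <<EOF
WARN: $f redirects the whole site without exempting the ACME challenge path.
      Put this condition directly before the RewriteRule (use a RewriteRule,
      not a bare Redirect, because Redirect cannot take a condition):
        RewriteCond %{REQUEST_URI} !^/\\.well-known/acme-challenge/
EOF
    return 1
}

# main SITES_ENABLED_DIR ACME_WEBROOT [VHOST_FILE...]
main() {
    status=0
    check_acme_alias "$1" || status=1
    check_acme_dirs "$2" || status=1
    shift 2
    for v in "$@"; do check_vhost_redirect "$v" || status=1; done
    return $status
}

# Stand-alone use on the server described in the thread:
#   sh acme_check.sh /etc/apache2/sites-enabled /usr/local/ispconfig/interface/acme /etc/apache2/sites-enabled/*.vhost
if [ "$#" -ge 2 ]; then
    main "$@"
fi
```

The exit status is non-zero if any check fails, so it can be run from a cron job or before retrying the certificate request. The redirect check only reads the vhost file you give it; a redirect configured in a .htaccess inside the document root has to be checked the same way against that file.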
