Let's Encrypt certificate renewal fails for proxied sites – which of course would have been expected behaviour, had I thought about it earlier.

On one of my ISPConfig-managed servers I have three websites which are served by separate services on different ports, for which Apache acts as a proxy + reverse proxy, adding SSL and serving the content via port 443, using a Let's Encrypt certificate. When I had to temporarily disable the proxying configuration snippet in ISPConfig in order to enable SSL and create the certificate in the first place, I should have suspected that automatic renewal might encounter a problem...

My question now is, might there perhaps be any way around manually renewing the certificates every three months, with disabling proxying before and re-enabling it after the act? I fear that, in time, there will be more services I'd like to serve in a similar way...

Cheers, Etc
I haven't yet fully grasped what's happening in the ISPConfig-generated .vhost files, but although I find this twice there (once for :80, once for :443):

Code:
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
RewriteRule ^ - [END]

I find that adding this:

Code:
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/.well-known/acme-challenge [NC]
RewriteRule .* - [L]

either in the site's root .htaccess file or ISPConfig's Apache directives field, before any specific Rewrite or Proxy/ReverseProxy rules, seems to do the trick.
Tried this but it did not allow Certbot to renew the SSL cert.

Code:
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/.well-known/acme-challenge [NC]
RewriteRule .* - [L]
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /otherservice !
ProxyPass / http://127.0.0.1:8069/
ProxyPassReverse / http://127.0.0.1:8069/
Seems I forgot about this thread that I had opened, should have followed up on it earlier... This is what, in the meantime, I've found to work for me; I got completely rid of the additional rewrite rules:

Code:
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine On
ProxyRequests On
ProxyPreserveHost On
ProxyPass /.well-known/ !
ProxyPass /stats !
ProxyPass / http://127.0.0.1:4567/
ProxyPassReverse / http://127.0.0.1:4567/
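
The ProxyPass exclusion from the last post, shown beside a reverse-proxy-only variant. This is an added example, not a configuration from any poster in the thread or from ISPConfig. It assumes Apache 2.4 with mod_proxy and mod_proxy_http loaded, and reuses the backend address and the /stats exclusion from that post.

```apache
# Added example. Assumes Apache 2.4 with mod_proxy and mod_proxy_http.
# Backend address and the /stats exclusion are reused from the last post.

# Weak: with ProxyRequests On the server also acts as a forward proxy,
# and "Allow from all" inside <Proxy *> lets any client use it.
#   <Proxy *>
#       Order deny,allow
#       Allow from all
#   </Proxy>
#   ProxyRequests On

# Corrected: reverse proxy only. ProxyPass does not need forward proxying.
ProxyRequests Off
ProxyPreserveHost On

# Exclusions ("!") must come before the catch-all ProxyPass.
# Only the ACME challenge path is exempted, not all of /.well-known/.
ProxyPass /.well-known/acme-challenge/ !
ProxyPass /stats !

ProxyPass / http://127.0.0.1:4567/
ProxyPassReverse / http://127.0.0.1:4567/

# SSLProxyEngine is only needed when the backend URL is https://
```

Requests under /.well-known/acme-challenge/ are then answered by Apache itself instead of the backend, so the HTTP-01 validation files written for renewal stay reachable without disabling the proxy.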