Let's Encrypt (letsencrypt) with ispconfig 3.1 and mpm-itk on Debian wheezy

Discussion in 'Tips/Tricks/Mods' started by gmelis, Dec 6, 2016.

  1. gmelis

    gmelis New Member

    For posterity's sake (and in case somebody uses apache mpm-itk on Debian 7 (wheezy) and has upgraded to ispconfig 3.1):
    The mpm-itk module forces apache to start as <user>:<group> (i.e. web1:client1) and thus renders it unable to access
    /usr/local/ispconfig/interface/acme/.well-known/acme-challenge and verify let's encrypt's challenge.

    Pasting the following in a terminal and reloading apache fixed the issue:

    Code:
    cat <<EOF >/etc/apache2/conf.d/acme.conf
    Alias /well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
        Order allow,deny
        Allow from all
        <IfModule mpm_itk_module>
            AssignUserId www-data www-data
        </IfModule>
    </Directory>
    EOF
     
    Last edited: Dec 6, 2016
    till likes this.

Share This Page