[Letsencrypt-devel] Bug#848224: Bug#848224: dehydrated-apache2: does not handle .well-known directory hidden by mod_rewrite

Mattia Rizzolo mattia at debian.org
Thu Dec 15 17:03:41 UTC 2016 

On Thu, Dec 15, 2016 at 11:51:40AM +0100, noc wrote:
> dehydrated-apache2 comes with a conf-file that is supposed to make the
> /.well-known/acme-challenge/ directory available in the webserver.
> 
> Unfortunately it had no effect on my system: accessing
> /.well-known/acme-challenge/ via my webserver would just give me a 404 page.
> 
> Now, my webserver has the following characteristics
> - multiple VirtualHosts
> - use of mod_rewrite to do complex routing (in virtually all VirtualHosts).

umh.
where do you configure the virtualhosts?  If you have them on
/etc/apache2/sites-enabled those should not conflict and the conf this
package ships would be honored (I think?!).

In my systems I have a lot of virtulhosts too (although I don't have
that many rewrite rules) and everything works.

>     RewriteRule ^/\.well-known/acme-challenge/ - [L]
> 
> Of course I would prefer a solution that would fix this in a central place
> (/etc/apache2/conf-available/dehydrated.conf).
> However, my feeble (and short-lived) attempts did not have any effect.

Have you tried adding that line to
/etc/apache2/conf-enabled/dehydrated.conf?

> Also, the documentation for such issues is sub-optimal.
> Even though dehydrated-apache2 is supposed to work without any configuration
> (though - as this bug report shows, sometimes it is not), it should come with
> some documentation (even if it is just saying that normally no configuration is
> needed, and that one should look at /usr/share/doc/dehydrated/docs for general
> documentation and specifically at wellknown.md)

Possibly.

> Ah yes: as you may have noticed, the target machine is running on jessie (for
> which not even a backport of this package exists). I haven't verified the
> problem on a sid system.
> I assume that problems might be similar, and that

Yeah, that's fine.

> dehydrated-apache2 will
> eventually hit jessie-backports (and the backports package will not be much
> different from the current package)

It will once I can provide a working and tested upgrade path from
letsencrypt.sh to dehydrated.

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/letsencrypt-devel/attachments/20161215/f5f54ff8/attachment.sig>

More information about the Letsencrypt-devel mailing list