Saturday 6 May 2017

Handle acme-challenge Letsencrypt requests

I have a NodeJs app running behind an Apache configuration using ProxyPass. The HTTPS is setup using Letsencrypt.

As you probably know, to validate a Letsencrypt certificat, we have to handle a request like the one bellow, sent by Letsencrypt server.

http://sub.afakedomain.com/.well-known/acme-challenge/some-random-stringhere

At the moment, the request results into a 404 Not Found because the ProxyPass redirect the request directly to my NodeJs app which didn't handle this request.

  • A solution would be to define a route in my NodeJs app to handle the request
  • Another solution would be to detect the request in Apache and instead of routing the request to the NodeJs app, route it directly to the folder containing the .well-known directory.

Path to well-known directory

/var/www/html/.well-known/

My vhost setting

<VirtualHost *:80>
             DocumentRoot /var/www/html/fail
             ServerName sub.afakedomain.com
             RewriteEngine on
             RewriteCond %{SERVER_PORT} !^443$
             RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]
</VirtualHost>

<VirtualHost *:443>
             ProxyPreserveHost On
             ProxyRequests Off
             ServerName sub.afakedomain.com
             Proxypass / http://localhost:5555/
             ProxyPassReverse / http://localhost:5555/

             SSLEngine On
             SSLCertificateFile /etc/letsencrypt/live/afakedomain.com/cert.pem
             SSLCertificateKeyFile /etc/letsencrypt/live/afakedomain.com/privkey.pem
             SSLCertificateChainFile /etc/letsencrypt/live/afakedomain.com/chain.pem
             SSLCACertificateFile /etc/letsencrypt/live/afakedomain.com/fullchain.pem
             Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

If you have some suggestions, feel free! Thanks!



via Maincore

No comments:

Post a Comment