Cloudflare + Letsencrypt + ISPConfig Apache + ModJK
I have a Debian 9.5 webserver configured with ISPConfig using Apache2.
I initially set up the web server with SSL and Certbot, and it was working well to host my Java application with Tomcat. Tomcat was connected to Apache2 with mod_jk.
Recently I implemented Cloudflare DNS protection and this has obviously broken my Certbot renewal process.
I think I could renew Let's Encrypt certificates using the webroot directive, but I have trouble making the Apache2 virtual host directives work correctly.
First, I have to disable the forced HTTPS redirect only for the .well-known directory, and I have successfully done this with:
RewriteCond %{REQUEST_URI} ^/.well-known
RewriteRule . - [L]
Second, I have to unmount the .well-known directory from jk, and this directive seems to work, although it has an unexpected behaviour:
SetEnvIf Request_URI "^/.well-known" no-jk
Actually this code generates 403/404 errors:
AH01276: Cannot serve directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm) found, and server-generated directory index forbidden by Options directive
It seems the no-jk directive is acting outside the virtualhost.
Has anyone experienced this kind of problem or knows how to solve it?
Thank you
apache mod-jk certbot
asked Nov 25 '18 at 17:42
Giacomo Arru
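A small model of the exemption described in the question, added here as an example and not part of the original post: it compares the posted pattern `^/.well-known` with a tighter one and lists which plain-HTTP request paths skip both the HTTPS redirect and mod_jk without being ACME challenges. The tighter pattern, the sample URIs and the token name are constructed for illustration, and Python's `re` stands in for Apache's regex matching, which behaves the same for these two patterns.

```python
import re

# Pattern exactly as posted in the question: the dot is a regex wildcard and
# nothing bounds the match after "well-known".
POSTED = r"^/.well-known"
# Tighter alternative (an assumption of this example, not from the post):
# literal dot, limited to the ACME HTTP-01 challenge directory.
SCOPED = r"^/\.well-known/acme-challenge/"
ACME_PREFIX = "/.well-known/acme-challenge/"


def route(uri, pattern, tokens):
    """Model what happens to a plain-HTTP request for uri.

    pattern: regex used in both RewriteCond and SetEnvIf ... no-jk
    tokens:  file names present in the challenge directory on disk
    """
    if not re.search(pattern, uri):
        # Not exempt: the forced redirect applies; Tomcat serves it over HTTPS.
        return "redirect-to-https"
    # Exempt: no redirect, no-jk is set, Apache answers from the filesystem.
    if uri.startswith(ACME_PREFIX):
        name = uri[len(ACME_PREFIX):]
        if name == "":
            # The directory itself, no index file, Indexes off: 403 + AH01276.
            return "403-directory-listing-denied"
        return "200-token" if name in tokens else "404-no-such-token"
    return "plain-http-outside-challenge-dir"


def overbroad(pattern, uris, tokens=()):
    """URIs that escape the redirect and mod_jk without being ACME challenges."""
    return [u for u in uris
            if route(u, pattern, tokens) == "plain-http-outside-challenge-dir"]


# Constructed sample requests (not taken from any real log).
SAMPLE_URIS = [
    "/.well-known/acme-challenge/",
    "/.well-known/acme-challenge/constructed-token",
    "/.well-known/change-password",
    "/.well-known-old/index.html",
    "/xwell-known/page",
    "/app/login",
]

if __name__ == "__main__":
    for label, pat in (("posted", POSTED), ("scoped", SCOPED)):
        print(label, "->", overbroad(pat, SAMPLE_URIS))
```

In this model a request for the bare challenge directory returns 403 under either pattern, while a request for an existing token file is served.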