[Freedombox-discuss] trouble configuring letsencrypt, apache, subdomains...
David Mintz
david at davidmintz.org
Sun Mar 3 06:27:11 GMT 2019
This issue is somewhere at the intersection of Freedombox and LetsEncrypt and Apache. Hope no one minds if I bring it here.
I am having trouble getting LetsEncrypt and Apache working together properly to serve both the freedombox and a little personal website. I've long been using dyndns.org for my dynamic ip and serving lin-chi.dyndns.org off my desktop, and successfully using LetsEncrypt with that. I set up my Freedombox hardware to use the domain fbox.lin-chi.dyndns.org, and reconfigured port forwarding on my home router (Freedombox sits behind it) so that ports 80 and 443 now forward to the freedombox rather than the desktop. All good.
Then I decided I wanted to move the personal site from my desktop onto the freedombox. So I moved the web files, the vhost configuration, and carefully copied various files and subdirectories from /etc/letsencrypt on the desktop to the equivalent locations under /etc/letsencrypt on the freedombox, making sure not to clobber anything, preserving symlinks, etc. I enabled the vhost for lin-chi.dyndns.org with the a2ensite command.
I can access https://fbox.lin-chi.dyndns.org properly, all that is well and good. But when I try to access https://lin-chi.dyndns.org -- i.e., the personal site -- what seems to be happening is that the configuration that controls the subdomain fbox.lin-chi.dyndns.org is being read, so I get a certificate warning about the mismatched name. I also notice that it tries to redirect me to /plinth, which I see coming from the directive in freedombox.conf (which I gather is global, not sure how I go about overriding that just for this vhost). But I do think the vhost for my personal page looks correct:
<VirtualHost *:443>
    ServerName lin-chi.dyndns.org
    ServerAdmin david at davidmintz.org
    DocumentRoot /opt/www/lin-chi/public
    SSLCertificateKeyFile /etc/letsencrypt/live/lin-chi.dyndns.org/privkey.pem
    SSLCACertificateFile /etc/letsencrypt/live/lin-chi.dyndns.org/fullchain.pem
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <Directory /opt/www/lin-chi/public >
        Options +Indexes +FollowSymLinks -MultiViews
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
and of course, I reloaded the Apache config (again and again and again) after changing things. No complaints from Apache.
The only way I can get it to serve my personal page is by disabling the RedirectMatch directive and ignoring the certificate error. I can live with the former, but the certificate error? No good.
Does this have to do with having the personal and the freedombox domains set up like this? That is, with the personal site as example.org and the freedombox as freedombox.example.org? Any suggestions?
Thanks.
---
David Mintz
https://davidmintz.org
Capitalism has failed. https://wsws.org
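Added example, not part of the original message: a small Python check of the posted vhost for the mod_ssl directives a TLS vhost normally carries (SSLCertificateFile names the server certificate; SSLCACertificateFile names CAs used to verify client certificates). The function names and the inlined sample are constructed for illustration, and the check assumes nothing is inherited from server scope.

```python
import re

# Constructed sample: the TLS-relevant lines of the vhost posted above, inlined to run offline.
POSTED_VHOST = """\
<VirtualHost *:443>
ServerName lin-chi.dyndns.org
DocumentRoot /opt/www/lin-chi/public
SSLCertificateKeyFile /etc/letsencrypt/live/lin-chi.dyndns.org/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/lin-chi.dyndns.org/fullchain.pem
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(text):
    """Return (address, {directive_lowercase: [args, ...]}) per VirtualHost block."""
    vhosts = []
    for addr, body in VHOST_RE.findall(text):
        directives = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith(("#", "<")):
                continue  # skip blanks, comments and nested section tags
            parts = line.split(None, 1)
            args = parts[1].strip() if len(parts) > 1 else ""
            directives.setdefault(parts[0].lower(), []).append(args)
        vhosts.append((addr.strip(), directives))
    return vhosts

def lint_tls_vhost(addr, d):
    """Flag TLS directives absent from the block itself (assumption: no inheritance)."""
    if not addr.endswith(":443"):
        return []
    findings = []
    if [v.lower() for v in d.get("sslengine", [])] != ["on"]:
        findings.append("no 'SSLEngine on' in this vhost")
    if "sslcertificatefile" not in d:
        findings.append("no SSLCertificateFile: vhost names no server certificate")
    for path in d.get("sslcacertificatefile", []):
        if path.endswith(("fullchain.pem", "cert.pem")):
            findings.append("SSLCACertificateFile (client-auth CAs) points at " + path)
    return findings

def lint(text):
    """Map each vhost's ServerName to its list of findings."""
    return {d.get("servername", ["?"])[0]: lint_tls_vhost(a, d)
            for a, d in parse_vhosts(text)}

if __name__ == "__main__":
    for name, findings in lint(POSTED_VHOST).items():
        print(name, findings)
```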