[Freedombox-discuss] trouble configuring letsencrypt, apache, subdomains...

Daddy daddy at autistici.org
Sun Mar 3 16:21:47 GMT 2019


Hello!

What's the exact certificate error? Is the setup using separate
certificates for each of the sites, or the same cert?
If it's the latter, the certificate would have to be a "wildcard"
certificate, supporting multiple subdomains. Let's Encrypt has been issuing
this kind of certificate for about a year, but as far as I know,
FreedomBox is not using the option.

D.

On 3. 3. 2019 7:27, David Mintz wrote:
> This issue is somewhere at the intersection of Freedombox and LetsEncrypt and Apache. Hope no one minds if I bring it here.
>
> I am having trouble getting LetsEncrypt and Apache working together properly to serve both the freedombox and a little personal website. I've long been using dyndns.org for my dynamic IP and serving lin-chi.dyndns.org off my desktop, and successfully using LetsEncrypt with that. I set up my Freedombox hardware to use the domain fbox.lin-chi.dyndns.org, and reconfigured port forwarding on my home router (Freedombox sits behind it) so that ports 80 and 443 now forward to the freedombox rather than the desktop. All good.
>
> Then I decided I wanted to move the personal site from my desktop onto the freedombox. So I moved the web files, the vhost configuration, and carefully copied various files and subdirectories from /etc/letsencrypt on the desktop to the equivalent locations under /etc/letsencrypt on the freedombox, making sure not to clobber anything, preserving symlinks, etc. I enabled the vhost for lin-chi.dyndns.org with the a2ensite command. 
>
> I can access https://fbox.lin-chi.dyndns.org properly, all that is well and good. But when I try to access https://lin-chi.dyndns.org -- i.e., the personal site -- what seems to be happening is that the configuration that controls the subdomain fbox.lin-chi.dyndns.org is being read, so I get a certificate warning about the mismatched name. I also notice that it tries to redirect me to /plinth, which I see coming from the directive in freedombox.conf (which I gather is global, not sure how I go about overriding that just for this vhost). But I do think the vhost for my personal page looks correct:
>
> <VirtualHost *:443>
> 	
> 	ServerName  lin-chi.dyndns.org
> 	ServerAdmin david at davidmintz.org
> 	DocumentRoot /opt/www/lin-chi/public
> 	SSLCertificateKeyFile /etc/letsencrypt/live/lin-chi.dyndns.org/privkey.pem
>         SSLCACertificateFile /etc/letsencrypt/live/lin-chi.dyndns.org/fullchain.pem
>
> 	ErrorLog ${APACHE_LOG_DIR}/error.log
> 	CustomLog ${APACHE_LOG_DIR}/access.log combined
>
> 	<Directory /opt/www/lin-chi/public >
> 		Options +Indexes +FollowSymLinks -MultiViews
> 		AllowOverride All
> 		Require all granted	
> 	</Directory>
>
> </VirtualHost>
>
> and of course, I reloaded the Apache config (again and again and again) after changing things. No complaints from Apache.
>
> The only way I can get it to serve my personal page is by disabling the RedirectMatch directive and ignoring the certificate error. I can live with the former, but the certificate error? No good.
>
> Does this have to do with having the personal and the freedombox domains set up like this? That is, with the personal site as example.org and the freedombox as freedombox.example.org? Any suggestions?
>
> Thanks.
>
> ---
> David Mintz
> https://davidmintz.org
> Capitalism has failed. https://wsws.org
>
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss
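
The name check behind the "separate certificates or the same cert?" question, as an added example (not code from the thread, FreedomBox or Let's Encrypt): it matches each site's hostname against the dNSName entries of a certificate. Only the two hostnames come from the post; the certificate labels and SAN lists are constructed, and the matcher is a simplified sketch that rejects partial wildcards such as `f*.example.org`. It also covers a case beyond the reply: a wildcard entry alone does not cover the bare parent domain.

```python
# Added example: which hostnames does a certificate's SAN list cover?
# Hostnames are from the thread; the SAN lists are constructed.

def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(hostname, san):
    """True if a single dNSName entry covers hostname."""
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern):
        return False              # a wildcard stands for exactly one label
    first, rest = pattern[0], pattern[1:]
    if any("*" in label for label in rest):
        return False              # wildcard only in the left-most label
    if first == "*":
        # require at least two fixed labels so "*.org" never matches
        return len(rest) >= 2 and host[1:] == rest
    if "*" in first:
        return False              # partial wildcard: rejected in this sketch
    return host == pattern

def cert_covers(hostname, sans):
    """True if any entry in the SAN list covers hostname."""
    return any(san_matches(hostname, s) for s in sans)

def report(sites, certs):
    """Map each certificate label to the sites it is valid for."""
    return {label: [h for h in sites if cert_covers(h, sans)]
            for label, sans in certs.items()}

SITES = ["lin-chi.dyndns.org", "fbox.lin-chi.dyndns.org"]

# Constructed SAN lists, one per way the two sites could be certified.
CERTS = {
    "fbox-only":     ["fbox.lin-chi.dyndns.org"],
    "wildcard-only": ["*.lin-chi.dyndns.org"],
    "wildcard+apex": ["*.lin-chi.dyndns.org", "lin-chi.dyndns.org"],
    "two-name-san":  ["lin-chi.dyndns.org", "fbox.lin-chi.dyndns.org"],
}

if __name__ == "__main__":
    for label, covered in report(SITES, CERTS).items():
        missing = [h for h in SITES if h not in covered]
        print(f"{label:14} covers={covered} name-mismatch-for={missing}")
```

A certificate that lists only the fbox name produces the mismatch warning for the personal site no matter which vhost answers; one certificate serves both sites only if both names appear in it, either listed explicitly or as wildcard plus parent domain.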


