@daronco
Last active February 15, 2024 11:50
Letsencrypt with webroot on Apache

Configure Apache in /etc/apache2/conf-available/le.conf:

Alias /.well-known/acme-challenge/ "/var/www/html/.well-known/acme-challenge/"
<Directory "/var/www/html/">
    AllowOverride None
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
</Directory>

Enable the config:

sudo a2enconf le

Install cert / renew cert:

certbot-auto certonly --non-interactive --register-unsafely-without-email --agree-tos --expand --webroot --webroot-path /var/www/html --domain my-domain.org
certbot-auto renew --webroot --webroot-path /var/www/html --no-self-upgrade
@No3x

No3x commented Mar 12, 2018

This works well even with virtual hosts and their mapping via ServerName.

@runningnet

Thanks, that helped me!

@slat

slat commented Apr 14, 2018

Thanks, I had to set an additional proxy condition to ensure mod_proxy wouldn't interfere.
ProxyPass /.well-known !
ProxyPass / http://127.0.0.1:9999/

@myrdd

myrdd commented Jun 12, 2018

Thank you @slat, this works great!

@jacksdrobinson

This was my answer after an afternoon of work. Cheers.

@okainov

okainov commented Nov 16, 2018

Just a note - it will not work if somewhere in other Apache sites you have a Location / block - it will override this configuration. I solved it by removing the Location block altogether.

@tomredman

Thanks so much for sharing this!

@norayr

norayr commented Apr 20, 2020

> Thanks, I had to set an additional proxy condition to ensure mod_proxy wouldn't interfere.
> ProxyPass /.well-known !
> ProxyPass / http://127.0.0.1:9999/

thank you @slat, that was very helpful for my mastodon instance. (:

@axmue

axmue commented Aug 12, 2021

Helped us a lot, thanks!

@MeteorVE

If you have changed the port of apache2, you need to change it back to port 80, or certbot can't pass ACME verification.

   # 1. edit ports.conf 
   vim /etc/apache2/ports.conf 
   # 2. edit Listen 8888(or the number you had set) -> Listen 80 and save it
   # 3. edit sites-enabled file
   vim /etc/apache2/sites-enabled/000-default.conf # or you write your config in another .conf file
   # 4. replace all <VirtualHost *:80> to <VirtualHost *:8888>
   # 5. restart apache2
   systemctl restart apache2
   # 6. look up if port has been applied.
   netstat -tlpn| grep apache
   ss -tlpn| grep apache

@budiantoip

> Thanks, I had to set an additional proxy condition to ensure mod_proxy wouldn't interfere.
> ProxyPass /.well-known !
> ProxyPass / http://127.0.0.1:9999/

Thank you @slat, I've been trying to solve the issue for about 3-4 hours, and your solution works perfectly :)

@kakra

kakra commented Feb 7, 2022

Indexes should not be enabled in the challenges directory...

@fizdog

fizdog commented Oct 27, 2023

I know this is old, but someone pointed me here when I was having issues setting up LE, and I wanted to ask: where do I put that proxy info that was commented about?

@No3x

No3x commented Oct 27, 2023

@fizdog it usually goes into your site conf. The best thing to do is to find documentation or a tutorial about mod_proxy: how to install it (it requires prerequisites) and how to use it.

@fizdog

fizdog commented Oct 27, 2023

> @fizdog it usually goes into your site conf. The best thing to do is to find documentation or a tutorial about mod_proxy: how to install it (it requires prerequisites) and how to use it.

Ok will do. Thanks for the info.
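
The pitfalls raised in this thread (Indexes enabled on the directory that serves the challenges, a catch-all ProxyPass that is not preceded by the /.well-known exclusion, a Location / block) can be checked mechanically before running certbot. The Python sketch below is an added example, not part of the gist or of any commenter's code; the function name lint_acme_webroot, the finding labels and both sample configs are constructed for illustration, and it scans a single file line by line without resolving Include directives.

```python
import re

CHALLENGE_URL = "/.well-known/acme-challenge/"

def lint_acme_webroot(conf_text, webroot="/var/www/html"):
    """Flag settings that break or over-expose the HTTP-01 webroot path."""
    challenge_dir = webroot.rstrip("/") + CHALLENGE_URL
    findings, current_dir, excluded = [], None, False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>', line, re.I)
        if opened:
            current_dir = opened.group(1).rstrip("/") + "/"
        elif line.lower().startswith("</directory"):
            current_dir = None
        elif re.match(r'<Location\s+"?/"?\s*>', line, re.I):
            findings.append((no, "location-root-block"))
        else:
            name, *args = line.split()
            if name.lower() == "options" and current_dir and challenge_dir.startswith(current_dir):
                # Indexes (or All, which includes it) enables directory listings
                if any(a.lower() in ("indexes", "+indexes", "all") for a in args):
                    findings.append((no, "indexes-on-challenge-dir"))
            elif name.lower() == "proxypass" and len(args) >= 2:
                covers = CHALLENGE_URL.startswith(args[0].rstrip("/") + "/")
                if covers and args[1] == "!":
                    excluded = True  # exclusion must come before the broad rule
                elif covers and not excluded:
                    findings.append((no, "proxy-shadows-challenge"))
    return findings

# Constructed samples: the gist's Directory block plus a catch-all proxy,
# then a tightened variant (an assumption, not the gist author's config).
AS_POSTED = """\
<Directory "/var/www/html/">
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
</Directory>
ProxyPass / http://127.0.0.1:9999/
"""
TIGHTENED = """\
<Directory "/var/www/html/.well-known/acme-challenge/">
    Options None
</Directory>
ProxyPass /.well-known !
ProxyPass / http://127.0.0.1:9999/
"""
if __name__ == "__main__":
    print(lint_acme_webroot(AS_POSTED), lint_acme_webroot(TIGHTENED))
```

Each finding is a (line number, label) pair; an empty list means none of the three conditions was seen in the text that was scanned.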
