[EP-tech] LetsEncrypt / EPrints Rewrite rules
J.Salter at leeds.ac.uk
Thu May 7 13:41:39 BST 2020
I've been looking at the instructions here:
and wondering how they actually work alongside an EPrints install.
In the EPrints::Apache::Rewrite module (which would normally handle anything in the EPrints' domain, there is a specific rule declining access to anything including '/.'.
The normal LetsEncrypt issuance/renewal process uses an asynchronous challenge/response to the server - normally to a URL like:
This contains the '/.' string, so the EPrints stack rejects the request.
There are two resolutions to this:
1) Add a rule to the Apache config to prevent the EPrints stack handling the '.well-known' directory
2) Add a URL rewrite trigger to serve the '.well-known' directory (if it exists).
For my test server, I have gone down the second of these routes - and will add details to the Wiki page.
Can someone using LetsEncrypt confirm that the above is correct - and provide an example of the Apache config used?
There may be other approaches - LetsEncrypt has various mechanisms, but the Apache or Webroot ones are the most relevant here I think.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Eprints-tech