Letsencrypt with webroot on Apache

Configure Apache with /etc/apache2/conf-available/le.conf:

Alias /.well-known/acme-challenge/ "/var/www/html/.well-known/acme-challenge/"
<Directory "/var/www/html/">
    AllowOverride None
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
</Directory>

Enable the config:

sudo a2enconf le

Install cert / renew cert:

certbot-auto certonly --non-interactive --register-unsafely-without-email --agree-tos --expand --webroot --webroot-path /var/www/html --domain my-domain.org
certbot-auto renew --webroot --webroot-path /var/www/html --no-self-upgrade

No3x commented Mar 12, 2018

This works well even with virtual hosts and their mapping via ServerName.


runningnet commented Apr 5, 2018

Thanks, that helped me!


slat commented Apr 14, 2018

Thanks, I had to set an additional proxy condition to ensure mod_proxy wouldn't interfere.
ProxyPass /.well-known !
ProxyPass / http://127.0.0.1:9999/


myrdd commented Jun 12, 2018

Thank you @slat, this works great!


jacksdrobinson commented Sep 20, 2018

This was my answer after an afternoon of work. Cheers.


okainov commented Nov 16, 2018

Just a note - it will not work if somewhere in other Apache sites you have a Location / block - it will override this configuration. I solved it by removing the Location block altogether.


tomredman commented Jan 23, 2019

Thanks so much for sharing this!


norayr commented Apr 20, 2020

> Thanks, I had to set an additional proxy condition to ensure mod_proxy wouldn't interfere.
> ProxyPass /.well-known !
> ProxyPass / http://127.0.0.1:9999/

thank you @slat, that was very helpful for my mastodon instance. (:


axmue commented Aug 12, 2021

Helped us a lot, thanks!


MeteorVE commented Aug 29, 2021

If you have changed the port of apache2, you need to change it back to port 80 or certbot can't pass ACME verification.

   # 1. edit ports.conf 
   vim /etc/apache2/ports.conf 
   # 2. edit Listen 8888(or the number you had set) -> Listen 80 and save it
   # 3. edit sites-enabled file
   vim /etc/apache2/sites-enabled/000-default.conf # or you write your config in another .conf file
   # 4. replace all <VirtualHost *:80> to <VirtualHost *:8888>
   # 5. restart apache2
   systemctl restart apache2
   # 6. look up if port has been applied.
   netstat -tlpn| grep apache
   ss -tlpn| grep apache


budiantoip commented Dec 9, 2021

> Thanks, I had to set an additional proxy condition to ensure mod_proxy wouldn't interfere.
> ProxyPass /.well-known !
> ProxyPass / http://127.0.0.1:9999/

Thank you @slat, I've been trying to solve the issue for about 3-4 hours, and your solution works perfectly :)


kakra commented Feb 7, 2022

Indexes should not be enabled in the challenges directory...
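
As an added example (not part of the gist or its comments), this Python sketch lints Apache config text for the pitfalls raised in this thread: a catch-all ProxyPass ahead of the /.well-known exclusion, a `<Location />` block, no listener on port 80, and Indexes enabled on the challenge directory. The function name, finding codes and sample config are constructed for illustration; the check is line-based and does not follow Include directives.

```python
import re

CHALLENGE_URL = "/.well-known/acme-challenge/"
# Constructed sample (not from the gist): the four pitfalls reported in the comments.
SAMPLE_BAD = """\
Listen 8888
<VirtualHost *:8888>
    ProxyPass / http://127.0.0.1:9999/
    ProxyPass /.well-known !
    <Location />
    </Location>
</VirtualHost>
<Directory "/var/www/html/">
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
</Directory>
"""

def lint_acme_webroot(conf_text, webroot="/var/www/html"):
    """Return sorted finding codes for Apache config text (hypothetical helper)."""
    challenge_dir = webroot.rstrip("/") + CHALLENGE_URL
    findings, ports, excluded, cur_dir = set(), set(), False, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        name, args = tokens[0].lower(), tokens[1:]
        if name == "<virtualhost":
            excluded = False                      # ProxyPass order matters per vhost
        elif name == "<directory" and args:
            cur_dir = args[0].rstrip(">").strip('"').rstrip("/") + "/"
        elif name == "</directory>":
            cur_dir = None
        elif re.fullmatch(r'<location\s+"?/"?\s*>', line, re.I):
            findings.add("ROOT_LOCATION_BLOCK")   # reported to override this config
        elif name == "listen" and args:
            ports.add(args[0].rsplit(":", 1)[-1])
        elif name == "proxypass" and len(args) >= 2 and CHALLENGE_URL.startswith(args[0]):
            if args[1] == "!":
                excluded = True                   # exclusion precedes later rules
            elif not excluded:
                findings.add("PROXY_SHADOWS_CHALLENGE")
        elif name == "options" and cur_dir and challenge_dir.startswith(cur_dir):
            if any(a.lstrip("+").lower() == "indexes" for a in args):
                findings.add("INDEXES_ON_CHALLENGE_DIR")
    if ports and "80" not in ports:
        findings.add("NO_LISTEN_80")              # HTTP-01 validation connects to port 80
    return sorted(findings)
```

Run it over the concatenated contents of ports.conf, the enabled sites and le.conf before requesting or renewing a certificate; an empty list means none of these four conditions was detected.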
