search

debops / ansible-apache

Manage and configure the Apache HTTP Server
GNU General Public License v3.0
2 stars 6 forks source link

Support ACME #1

Open ypid opened 8 years ago

ypid commented 8 years ago

Help welcome. Refer to https://github.com/debops/ansible-nginx how this can be done.

Edit: Note: https://letsencrypt.org//2017/10/17/acme-support-in-apache-httpd.html

muelli commented 7 years ago

FWIW: I seem to have it working with smth like the following:

apache__group_snippets:
    acme:
        enabled: True
        type: raw
        raw: |
            # Here goes the ACME configuration
            Alias /.well-known/acme-challenge/ /srv/www/acme/
            <Directory "/srv/www/acme/">
                Options None
                AllowOverride None
                ForceType text/plain
                RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
                Require all granted
            </Directory>

It is, however, not compatible with the currently employed https_redirects (hence my pull request for enabling to disable them by default). The reason is that Apache 2.4 gives the Redirect rules in the vhosts more priority than the Alias in the global scope as proposed.

ypid commented 7 years ago

@muelli Thanks for much for the input! As explained, I would welcome dedicated ACME support for the role so that it can be enabled and used by default. Do you want to work on this?

ikus060 commented 5 years ago

Any update on the subject. Was a bit surprise to see this role is not supporting ACME. debops proved to be so complete.

ypid commented 5 years ago

No updates on this subject. DebOps has a focus on Nginx. If you need ACME support feel free to work on it.