Closed Sp1l closed 1 month ago
Oh, did not even know that was a thing. Is this in the base server or in virtual hosts contexts? Would a ServerAlias with just the DNS name help as a temporary workaround?
Oh, did not even know that was a thing.
Neither did I until I ran into the failing redirects 😃
Is this in the base server or in virtual hosts contexts?
This is in a VirtualHost context
Would a ServerAlias with just the DNS name help as a temporary workaround?
It is the ServerAlias that causes the issue.
We've just removed the scheme:// prefix to make it work, our newer installs don't use SSL offloading. Created this issue more as a future improvement.
For completeness, this works:
Define vhost somevhost.subdom.example.com
MDomain ${vhost}
<VirtualHost *:443>
ServerName https://${vhost}
...
</VirtualHost>
But this results in the "invalid character" error:
Define vhost somevhost.subdom.example.com
MDomain ${vhost}
MDomain origin.${vhost}
<VirtualHost *:443>
ServerName https://${vhost}
ServerAlias https://origin.${vhost}
...
</VirtualHost>
We're now using:
Define vhost somevhost.subdom.example.com
MDomain ${vhost} origin.${vhost}
<VirtualHost *:443>
ServerName ${vhost}
ServerAlias origin.${vhost}
...
</VirtualHost>
All in all, replacing acme.sh with mod_md has been a very good experience!
Thanks. I read httpd's code here:
https://${vhost}, it correctly splits this into internal vars server_scheme and server_hostname. The latter is used by mod_md for matching and everything works.
ServerAlias https://origin.${vhost}. And mod_md will not work also, as Let's Encrypt rejects this correctly as invalid DNS name.
tl;dr
What should work in your setup is:
<VirtualHost *:443>
ServerName https://${vhost}
ServerAlias origin.${vhost}
...
</VirtualHost>
The server_scheme extracted from ServerName is also used for alias matches.
Therefore, I do not see anything to fix in mod_md regarding this. Do you agree?
Agree! The server_scheme should be correct for the ServerAliases as well.
(sorry for the delay).
We're running into an error for domains where the ServerName contains a scheme:// prefix.
For servers where there's an SSL off-load in front of the Apache server, you must add scheme:// to the ServerName to force correct generation of redirect URLs.
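A pre-deployment check for the rule worked out in this thread (a scheme:// prefix is accepted on ServerName but not on ServerAlias or MDomain), as an added example that is not part of the original issue or of mod_md. The `lint` function, its messages and the sample text are constructed here, and it assumes hostnames rather than IP literals.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
DNS_NAME = re.compile(rf"^(?:\*\.)?(?:{LABEL}\.)*{LABEL}$")
SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")
VAR = re.compile(r"\$\{(\w+)\}")

def lint(conf):
    """Return (line_no, directive, name, problem) tuples for a config text."""
    defines, findings = {}, []
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive, *args = line.split()
        # Expand ${name} from earlier Define lines; unknown names stay as-is.
        args = [VAR.sub(lambda m: defines.get(m.group(1), m.group(0)), a) for a in args]
        key = directive.lower()
        if key == "define" and len(args) == 2:
            defines[args[0]] = args[1]
        elif key == "servername" and args:
            # ServerName may carry scheme:// and :port; check the host part only.
            host = SCHEME.sub("", args[0]).split(":")[0]
            if not DNS_NAME.match(host):
                findings.append((no, directive, args[0], "host part is not a DNS name"))
        elif key in ("serveralias", "mdomain"):
            for name in args:
                if key == "mdomain" and name in ("auto", "manual"):
                    continue  # MDomain mode keywords, not names
                if SCHEME.match(name):
                    findings.append((no, directive, name, "scheme:// prefix not allowed here"))
                elif not DNS_NAME.match(name):
                    findings.append((no, directive, name, "not a DNS name"))
    return findings

# Constructed sample: the failing configuration from the thread.
FAILING = """\
Define vhost somevhost.subdom.example.com
MDomain ${vhost}
MDomain origin.${vhost}
<VirtualHost *:443>
ServerName https://${vhost}
ServerAlias https://origin.${vhost}
</VirtualHost>
"""

if __name__ == "__main__":
    for finding in lint(FAILING):
        print(*finding)
```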