2

I am running an ISPConfig 3 server with Apache. To get HTTPS I use Let's Encrypt's certbot. ISPConfig supports cert generation, which is working for various sites.

One site runs locally on a different port (as it is a complex system). To reach it, I added a new site in ISPConfig and configured Apache as a reverse proxy as shown below. The site is up and running, but I am unable to renew the certificates via certbot (it fails only for this site).

```apache
ProxyRequests Off
ProxyVia Off

<Proxy *>
     Require all granted
</Proxy>
ProxyPass / http://my.domain.com:8080
ProxyPassReverse / http://my.domain.com:8080
```

I guess the problem is the unreachability of the challenge folder (/acme/.well-known/acme-challenge).

How do I configure Apache as a reverse proxy so that it is able to renew its certificate?

Zian

1 Answer

7

I have the same problem here: the proxy endpoint doesn't have the same webroot and cannot serve the .well-known directory correctly, which means Let's Encrypt fails to find it.

The trick is to skip the proxying for the well-known URL, using something like this answer. In my case, it was simply a matter of adding this line:

```apache
ProxyPass /.well-known/ !
```

which will disable the proxying for the certbot directory.

Good luck!

Muhammad Dyas Yaskur
anarcat
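The exclusion from the answer above, shown in context with the question's proxy directives. This is an added example, not part of the original question or answer. It narrows the exclusion to the ACME challenge path only, and the filesystem path `/path/to/acme` is a placeholder for whatever webroot certbot writes its challenge files to.

```apache
# Added example (not from the original post).
# Suitable for the site's custom Apache directives or a <VirtualHost *:80> block.

ProxyRequests Off
ProxyVia Off

# Serve ACME HTTP-01 challenge files from the local disk.
# /path/to/acme is a placeholder: use the webroot certbot writes to.
# If the vhost already maps this URL to the challenge folder,
# drop the Alias and <Directory> section and keep only the exclusion.
Alias /.well-known/acme-challenge/ /path/to/acme/.well-known/acme-challenge/
<Directory "/path/to/acme/.well-known/acme-challenge/">
    # Static token files only: no indexes, no CGI, no .htaccess overrides.
    Options None
    AllowOverride None
    Require all granted
</Directory>

# The exclusion must come BEFORE the catch-all rule. ProxyPass rules are
# checked in configuration order and the first match wins, so an exclusion
# placed after "ProxyPass /" never takes effect.
# Excluding only the challenge path keeps the rest of /.well-known/
# (if the backend serves anything there) behind the proxy.
ProxyPass /.well-known/acme-challenge/ !

# Everything else goes to the backend from the question.
# Trailing slashes are kept consistent on both sides of each rule.
ProxyPass        / http://my.domain.com:8080/
ProxyPassReverse / http://my.domain.com:8080/
```

To check the result before the next renewal, place a throwaway file in the challenge directory and request it over plain HTTP from outside the server; the response should come from Apache's local files, not from the backend on port 8080.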