From 79a24f86c149fd763b696d0f785a19bd08fab451 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20H=C3=B6=C3=9F?= Date: Tue, 29 Sep 2020 21:04:37 +0000 Subject: [PATCH] Update README.md --- apache/README.md | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/apache/README.md b/apache/README.md index a926e49..c230c57 100644 --- a/apache/README.md +++ b/apache/README.md @@ -1,3 +1,25 @@ ### acme.include -Include for which redirects request which are actually for the _ACME/Let's encrypt_ to the port the ACME-worker is listennix on \ No newline at end of file +Include which redirects requests which are actually for the _ACME/Let's encrypt_ . +This way you can have apache running on port 80, but still process request from the _Let's encrypt_ service +which also come to port 80. + +Example apache definition for a typical HTTP/80-virtual server would look like this now: +``` + + Include /etc/apache2/vhosts.d/acme.include + RedirectMatch permanent ^(.*)$ https://cdn.mh3000.net/ + TransferLog "/var/log/apache2/access_cdnmh3000-nonssl.log" + +``` + +This works like this: +- the include redirects request to the /.well-known/acme-challenge path to localhost:9432 where your + ACME-worker shoud listen for requests +- All other requests will be redirect to the SSL-version of your site. + +E.g. with `acme.sh` you must specify then parameters `[OTHER STUFF] --issue --standalone --httpport 9432 -d [DOMAIN]` +at initial certificate request. Renews will automatically the also use the alternate httpport. + + +