Once upon a time, Patrick O'Callaghan <pocallaghan@xxxxxxxxx> said: > BTW 'certbot certonly ..." also failed. I'm 99% sure this is a problem > with my Apache installation. I think others have mentioned it, but I would highly suggest using --webroot rather than --apache. You have control of the Apache config that way and can get it right (once) and be done with it, just pointing certbot to your chosen and configured directory. The validation step does use port 80, due to pre-SNI shared hosting servers sometimes serving site A's content on port 443 for site B's URL (allowing site A to impersonate site B for ACME purposes). Especially if you aren't otherwise using port 80, you can just configure an Apache virtual host on port 80 and point it to an otherwise-unused directory, to use with --webroot. I do most of my Let's Encrypt cert validation with DNS these days (to allow for wildcard certs and/or hosts on private networks), so that's about it for ideas from me. :) -- Chris Adams <linux@xxxxxxxxxxx> _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
