Hello,

I'm running a FreeBSD system that I'm running apache on and using that to validate and put into place letsencrypt certificates for several domains. I thought I had auto-updating working, turns out I didn't, but also I've got a configuration problem with apache that is preventing certificate validation.

If I use:

acme-client -v -C /usr/local/www/.well-known/acme-challenge -mbnN domain.com webmail.domain.com

/usr/local/www/.well-known/acme-challenge is where challenges are stored. The validation works only if I have this line commented out:

Redirect / https://www.domain.com/

If the above is uncommented, validation fails.

My goal is an all-ssl site except for the acme validations, so if a user types in domain.com or www.domain.com they get redirected to https. But if a request comes in with the domain host/.well-known/acme-challenge, redirection to the http site occurs for certificate validation.

Here's a virtual host config:

<VirtualHost *:80>
    ServerAdmin webmaster@xxxxxxxxxx
    DocumentRoot "/usr/vhosts/domain.com/htdocs/"
    ServerName www.domain.com
    ServerAlias domain.com www.domain.com mail.domain.com
    ErrorDocument 404 /errordocs/error404.htm
    # share well-known for renewal via Let's Encrypt!
    Alias /.well-known/acme-challenge /usr/local/www/.well-known/acme-challenge
    # Anything that isn't going to domain.com/.well-known gets forwarded to the https site
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/.well-known
    Redirect / https://www.domain.com/
    ErrorLog "/usr/vhosts/domain.com/logs/error.log"
    # for acme challenges
    <Directory "/usr/local/www/.well-known/acme-challenge">
        Options None
        AllowOverride None
        Require all granted
        Header add Content-Type text/plain
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin webmaster@xxxxxxxxxx
    DocumentRoot "/usr/vhosts/domain.com/htdocs/"
    ServerName www.domain.com
    SSLEngine on
    SSLCertificateFile "/usr/local/etc/ssl/acme/domain.com/cert.pem"
    SSLCertificateKeyFile "/usr/local/etc/ssl/acme/private/domain.com/privkey.pem"
    SSLCertificateChainFile "/usr/local/etc/ssl/acme/domain.com/chain.pem"
    <Directory "/usr/vhosts/domain.com/htdocs/">
        Options FollowSymLinks
        AllowOverRide None
        Require all granted
    </Directory>
    <IfModule mod_log_config.c>
        CustomLog "|/usr/local/sbin/rotatelogs -l /usr/vhosts/domain.com/logs/access.log-%Y-%m-%d.log 86400" combined
    </IfModule>
    # Disc cache setup
    CacheQuickHandler off
    CacheLock on
    CacheLockPath /tmp/mod_cache-lock
    CacheLockMaxAge 5
    CacheIgnoreHeaders Set-Cookie
    <Location />
        CacheEnable disk
        CacheHeader on
        CacheDefaultExpire 600
        CacheMaxExpire 86400
        CacheLastModifiedFactor 0.5
        ExpiresActive on
        ExpiresDefault "access plus 5 minutes"
        Header merge Cache-Control public
        FileETag All
    </Location>
</VirtualHost>

Suggestions welcome.

Thanks.
Dave.
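
Added example, not part of the original post: a port-80 virtual host in which the redirect is issued by mod_rewrite, so that the RewriteCond exclusion for the challenge path actually governs it. In the posted config the RewriteCond has no RewriteRule after it and therefore does nothing, while the mod_alias "Redirect /" matches every URL path, including /.well-known/acme-challenge. The example assumes mod_rewrite is loaded and uses a 302 status, the same default that "Redirect" uses.

```apache
# Added example: HTTP vhost that redirects everything to HTTPS
# except the ACME HTTP-01 challenge path.
<VirtualHost *:80>
    ServerAdmin webmaster@xxxxxxxxxx
    DocumentRoot "/usr/vhosts/domain.com/htdocs/"
    ServerName www.domain.com
    ServerAlias domain.com mail.domain.com
    ErrorLog "/usr/vhosts/domain.com/logs/error.log"

    # Challenge files written by acme-client -C are served from here.
    Alias /.well-known/acme-challenge /usr/local/www/.well-known/acme-challenge

    # Directory block carried over unchanged from the post.
    <Directory "/usr/local/www/.well-known/acme-challenge">
        Options None
        AllowOverride None
        Require all granted
        Header add Content-Type text/plain
    </Directory>

    RewriteEngine on
    # A RewriteCond applies only to the RewriteRule that follows it.
    # It has no effect on mod_alias directives such as Redirect.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    # Every other request is sent to the HTTPS site, keeping path and query.
    RewriteRule ^ https://www.domain.com%{REQUEST_URI} [R=302,L]

    # No "Redirect / https://www.domain.com/" line here: it would match
    # the challenge path too and bring the original failure back.
</VirtualHost>
```

After reloading Apache, a plain-HTTP request for a test file under /.well-known/acme-challenge/ should return 200 with the file body, and a request for / should return a 302 with a Location header pointing at https://www.domain.com/.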