While trying to get the Let's Encrypt Certbot to work on a local server that hosts reverse-proxied content, I am unable to get the local exception working inside a Location block. httpd.conf snippet:
SSLProxyEngine on
<Location "/">
ProxyPass "https://internal.host/"
ProxyPassReverse "https://internal.host/"
</Location>
Include /etc/apache2/vhosts.d/01_acme.include
Placing the 01_acme.include file above or below the Location block has no effect.
The 01_acme.include file:
<Location /.well-known/acme-challenge/>
ProxyPass "!"
Alias /run/acme/.well-known/acme-challenge
</Location>
I have placed a single text file in that directory named date. Attempting to retrieve this file results in an endless 301 redirect to date/index.html/index.html/... until the redirect limit of the client is reached. The logs show this is generated on the front-end server, the back-end never receives a request.
If I replace the Location block with standalone directives, it functions as expected:
Alias /.well-known/acme-challenge /run/acme/.well-known/acme-challenge
ProxyPass /.well-known/acme-challenge !
According to the ProxyPass documentation this method of defining an exception should work – it conforms very well with the provided sample configuration towards the end of that section. Is this just broken, or have I missed something?
The redirects may be the root cause, but I can't find any redirect or rewrite directives in this scope that could be throwing a 301, and the only mention of index.html in .htaccess (there isn't one) or configuration files is the directory index, which I've tried explicitly disabling with Options -Indexes to no effect.
Best Answer
You're missing a trailing slash in the
Alias. Trailing slashes have to match.