Saturday, March 25, 2017

Re: Let's Encrypt installation fails with WSGI on Ubuntu 14 LTS

On Fri, Mar 24, 2017 at 03:22:40PM -0700, Moreplavec wrote:
> I'm trying to install SSL certificate with Let's encrypt on my VPS running
> Apache + WSGI.
>
> I'm following guide:
> https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04
>
> It works fine for all PHP sites, but I get an error when trying to install
> SSL for Django app. I think the problem is, that SSL cert conf is made as
> duplicate or current conf file, so apache configtest fails and whole
> installation is reverted:
>
> command: *certbot-auto --apache -d django.my-domain.cz*

Personally I'd recommend that you move away from the automagic
features of certbot that mess around with your config files, and just
configure your webserver manually to serve ACME challenges, and
otherwise fall back to whatever it is supposed to do (like proxy to
your application server), and use certbot in its webroot mode which
just puts the correct file in a location of your choice without any
config changes of anything.

With nginx, the correct arcane incantation would be to use something
like

    root /var/www/acme;
    try_files $uri @wsgi_upstream;

I'm pretty sure you can create an equivalent configuration with apache
somehow, maybe using mod_rewrite or something.

The advantage of using a static configuration like this, rather than
letting certbot change the httpd config on each run, is that there are
fewer moving parts, there's no risk that the config automagic won't
work with the config directives used in your particular config,
there's no need to reload the webserver on each run, and in general, I
personally distrust any magic that messes with my configuration.

Good luck,

Michal
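
An Apache 2.4 counterpart to the static setup described in the reply, added here as an example and not part of the original message. It assumes mod_wsgi in daemon mode; /var/www/acme is taken from the nginx snippet, while the /srv/django/mysite paths and the "mysite" process group name are hypothetical placeholders. Unlike try_files, a missing challenge file returns 404 instead of falling through to the application.

```apache
# Added example, not from the original thread.
# /srv/django/mysite and "mysite" are hypothetical placeholders.
<VirtualHost *:80>
    ServerName django.my-domain.cz

    # ACME HTTP-01 challenges are served as plain static files.
    # The more specific Alias is listed before the WSGIScriptAlias at /
    # so these requests are answered by Apache and never reach Django.
    Alias /.well-known/acme-challenge/ /var/www/acme/.well-known/acme-challenge/
    <Directory /var/www/acme/.well-known/acme-challenge/>
        # Token files only: no indexes, no CGI, no .htaccess overrides.
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    # Everything else goes to the Django application.
    WSGIDaemonProcess mysite python-path=/srv/django/mysite
    WSGIProcessGroup mysite
    WSGIScriptAlias / /srv/django/mysite/mysite/wsgi.py
    <Directory /srv/django/mysite/mysite>
        <Files wsgi.py>
            Require all granted
        </Files>
    </Directory>
</VirtualHost>

# With this vhost loaded, certbot only writes the token file under the
# webroot and leaves the Apache configuration untouched:
#
#   certbot-auto certonly --webroot -w /var/www/acme -d django.my-domain.cz
#
# "certonly" obtains the certificate without installing it, so the
# SSLCertificateFile / SSLCertificateKeyFile directives in the :443
# vhost are written by hand, once.
```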

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/20170325213403.GH23772%40koniiiik.org.