Mailinglist Archive: opensuse (621 mails)

< Previous Next >
Re: [opensuse] certbot error
On 06/08/2019 01:54 PM, Per Jessen wrote:
David C. Rankin wrote:

On 06/08/2019 05:22 AM, Dave Howorth wrote:
Thanks, David, and the others who replied. I certainly hope my system
is not reachable over port 80. I run the router in stealth mode and
am concerned that it is still responding to pings and IDENTs.

I didn't realize my system needed to be visible. My whole purpose was
to be able to use HTTPS on my internal network without any external
connections. I suppose I need to do a lot more reading.

You only need port 80 up during cert creation (and then once every 3
months thereafter for update). Once the certs are installed, you can
disable port 80 again.

I use mod rewrite to force all traffic to 443 (which was another layer
of failure I found :)

I always add this condition:

RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge




That's a keeper! THanks.


--
David C. Rankin, J.D.,P.E.

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >