Hi guys,
I have had a ZoneEdit hosted domain set up with letsencrypt for a couple of years now. My setup has a CNAME for www pointing to my web server DYN record (in case the web server IP changes), and I then use URL forwarding to redirect any requests to the root name to www. I use certbot with the Apache domain Authenticator, which puts a file in the web server for letsencrypt to validate you own the domain.
Previously ZoneEdit was redirecting root requests including the URL suffix, but since the last renewal (some time in the last month) certbot is failing to renew because ZoneEdit is 403'ing the letsencrypt request to the root domain with a suffix, e.g.:
Code:
jbolger@server:/etc/network# curl -v http://domain.com.au/.well-known/
* Connected to domain.com.au (1.1.1.1) port 80 (#0)
> GET /.well-known/ HTTP/1.1
> Host: domain.com.au
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Server: nginx/1.14.2
< Date: Sat, 04 Apr 2020 23:14:25 GMT
< Content-Type: text/html
< Content-Length: 169
< Connection: keep-alive
<
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>
* Connection #0 to host domain.com.au left intact
It appears to just be suffixes with a . in the URI, as if I take out the URI it works fine?
Code:
jbolger@server:/etc/network# curl -v http://domain.com.au/well-known/
* Connected to domain.com.au (1.1.1.1) port 80 (#0)
> GET /well-known/ HTTP/1.1
> Host: domain.com.au
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Server: nginx/1.14.2
< Date: Sat, 04 Apr 2020 23:13:53 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Location: http://www.domain.com.au/well-known/
<
* Connection #0 to host domain.com.au left intact
I think this is a configuration change on your URL forwarding service and will be causing significant issues for certbot users.
Any assistance appreciated.
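An added example, not part of the original post: a probe that walks the redirect chain hop by hop for the dotted HTTP-01 path and for an undotted control path, which makes the difference in the two curl runs above repeatable before a renewal. The `FakeForwarder` class, the `/www/` prefix and the token value are constructed stand-ins so the script runs offline; point `compare()` at a real base URL to use it.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

def trace(url, max_hops=5):
    """GET url without auto-following redirects; return [(url, status, location)]."""
    hops = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        tls = parts.scheme == "https"
        cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
        conn = cls(parts.netloc, timeout=10)
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        location = resp.getheader("Location")
        conn.close()
        hops.append((url, resp.status, location))
        if resp.status not in (301, 302, 303, 307, 308) or not location:
            break
        url = urljoin(url, location)
    return hops

def compare(base, token="constructed-token"):
    """Trace the dotted ACME challenge path and an undotted control path."""
    return (trace(f"{base}/.well-known/acme-challenge/{token}"),
            trace(f"{base}/well-known/acme-challenge/{token}"))

class FakeForwarder(BaseHTTPRequestHandler):
    """Constructed stand-in reproducing the forwarder behaviour in the curl output."""
    def do_GET(self):
        if self.path.startswith("/www/"):
            self.send_response(200)   # plays the role of the www web server
        elif any(seg.startswith(".") for seg in self.path.split("/")):
            self.send_response(403)   # dot-prefixed path segment is refused
        else:
            self.send_response(302)   # everything else is forwarded
            self.send_header("Location", "/www" + self.path)
        self.send_header("Content-Length", "0")
        self.end_headers()

def demo():
    with HTTPServer(("127.0.0.1", 0), FakeForwarder) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        result = compare(f"http://127.0.0.1:{server.server_address[1]}")
        server.shutdown()
        return result

if __name__ == "__main__":
    print(demo())
```

A dotted trace that stops at a 403 on the first hop while the control trace ends in a redirect followed by a 200 places the refusal at the forwarder, not at the web server behind it.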