bvstone

Allowing Requests over Port 80 For SSL Validation (ie, Namecheap, etc)

Posted:

Allowing Requests over Port 80 For SSL Validation (ie, Namecheap, etc)

If you've ever set up SSL on the IBM i for an Apache server and don't have access to the email addresses listed on the domain registration, you have the option to prove ownership by uploading a file to a folder such as /.well-known/pki-validation.

Once the issuer of the SSL certificate sees this file they can then forward you the SSL certificate for the server.

Well, the problem with this is you normally aren't running anything on port 80 these days other than a redirect to the HTTPS site, and this request is required over port 80 for some reason (HTTP).

So, with a little research and trial and error I was able to put together this sample HTTP configuration that allows access over port 80 to this specific folder location. 

Listen xx.xx.xx.xx:80       
Listen xx.xx.xx.xx:443      

<VirtualHost xx.xx.xx.xx:80>                       
   ServerName myserver.com         
   DocumentRoot /www/myserver/htdocs             
   DirectoryIndex index.html                     
                                                 
   <Directory />                                 
      Options None                               
      order deny,allow                           
      deny from all     
   </Directory>
                        
   <Directory /www/myserver/htdocs>                                                         
      order allow,deny                                                                      
      allow from all                                                                        
   </Directory>                                                                             
                                                                                            
   RedirectMatch Permanent "^(/(?!.well-known/).*)" https://myserver.com$1     
   #Redirect permanent / https://myserver.com                                  
</VirtualHost>                                                                              
                                                                                            
<VirtualHost xx.xx.xx.xx:443>                                                                 
   ServerName myserver.com
   .....
</VirtualHost> 

The first VirtualHost container is a normal setup that allows access to static files.  But, the key different is the RedirectMatch directive is saying to redirect all requests to the HTTPS site except for requests to the /.well-known directory.

I've tested it and it works great and makes life a little easier when you have to update your client's SSL certificates on a yearly basis.




Latest Posts:

What Objects Should I Omit from Replication to Ensure My License Keys Work on my HA/DR System? What Objects Should I Omit from Replication to Ensure My License Keys Work on my HA/DR System?
Posted by 3 days ago
BVSTools >> BVSTools Software Discussion
GreenTools for Google Apps (G4G) v15.00 Now Offers Functions to Bypass Registration Command and BVSTools Landing Page GreenTools for Google Apps (G4G) v15.00 Now Offers Functions to Bypass Registration Command and BVSTools Landing Page
Posted by May 3, 2022
BVSTools >> BVSTools Announcements >> GreenTools for G Suite (Google Apps) (G4G) Specific Announcements
How Do I Switch From MAILTOOL Plus to GreenTools for Google or Microsoft Office 365? How Do I Switch From MAILTOOL Plus to GreenTools for Google or Microsoft Office 365?
Posted by April 18, 2022
BVSTools >> BVSTools Software Discussion >> Email Tools (MAILTOOL) Specific Discussion
PTFs Issued for SSL/TLS Issues PTFs Issued for SSL/TLS Issues
Posted by March 12, 2022
IBM Power Systems >> PTF Watch
Google Dropping Support for Google Dropping Support for "Less Secure Apps" May 30th, 2022. What Does This Mean for Your IBM i Email?
Posted by March 4, 2022
BVSTools >> BVSTools Software Discussion >> Email Tools (MAILTOOL) Specific Discussion
Have You Installed a New Version of MAILTOOL and Now Things Are Acting Different?  Check the Command Defaults! Have You Installed a New Version of MAILTOOL and Now Things Are Acting Different? Check the Command Defaults!
Posted by February 28, 2022
BVSTools >> BVSTools Software Discussion >> Email Tools (MAILTOOL) Specific Discussion
Using MAILTOOL Plus on V7R1, or Any OS Using TLS 1.1 or Older Using MAILTOOL Plus on V7R1, or Any OS Using TLS 1.1 or Older
Posted by January 27, 2022
BVSTools >> BVSTools Software Discussion >> Email Tools (MAILTOOL) Specific Discussion
BVSTools ILE Functions Being Updated to Remove Hashtag (#) from Function Names BVSTools ILE Functions Being Updated to Remove Hashtag (#) from Function Names
Posted by December 30, 2021
BVSTools >> BVSTools Announcements
GETURI v12.00 Released Removing Beginning # (Hashtag) From Function Names GETURI v12.00 Released Removing Beginning # (Hashtag) From Function Names
Posted by December 28, 2021
BVSTools >> BVSTools Announcements >> Get URI (GETURI) Specific Announcements
Is any of BVSTools Software Affected by the log4j exploit? Is any of BVSTools Software Affected by the log4j exploit?
Posted by December 20, 2021
BVSTools >> BVSTools Software Discussion
GreenTools for Microsoft Apps (G4MS) Updated to Allow Downloads, Deletes, and Sharing of Files GreenTools for Microsoft Apps (G4MS) Updated to Allow Downloads, Deletes, and Sharing of Files
Posted by December 17, 2021
BVSTools >> BVSTools Announcements >> GreenTools for Microsoft Apps (G4MS) Specific Announcements
SSL Handshake Errors with GETURI, MAILTOOL and GreenTools Products SSL Handshake Errors with GETURI, MAILTOOL and GreenTools Products
Posted by October 18, 2021
BVSTools >> BVSTools Software Discussion
MAILTOOL Updated to Retry Sending when GSK SSL Handshake Error 415 (GSK_ERROR_BAD_PEER) is Encountered MAILTOOL Updated to Retry Sending when GSK SSL Handshake Error 415 (GSK_ERROR_BAD_PEER) is Encountered
Posted by August 19, 2021
BVSTools >> BVSTools Announcements >> eMail Tool (MAILTOOL) Specific Announcements
MAILTOOL Updated to Allow List-Unsubscribe and User Defined Headers MAILTOOL Updated to Allow List-Unsubscribe and User Defined Headers
Posted by August 13, 2021
BVSTools >> BVSTools Announcements >> eMail Tool (MAILTOOL) Specific Announcements
AWS signing process in as400 AWS signing process in as400
Posted by August 13, 2021
Programming >> Web Programming

Reply




Copyright 1983-2020 BVSTools
GreenBoard(v3) Powered by the eRPG SDK, MAILTOOL Plus!, GreenTools for Google Apps, jQuery, jQuery UI, BlockUI, CKEditor and running on the IBM i (AKA AS/400, iSeries, System i).