bvstone

Allowing Requests over Port 80 For SSL Validation (ie, Namecheap, etc)

Posted:

Allowing Requests over Port 80 For SSL Validation (ie, Namecheap, etc)

If you've ever set up SSL on the IBM i for an Apache server and don't have access to the email addresses listed on the domain registration, you have the option to prove ownership by uploading a file to a folder such as /.well-known/pki-validation.

Once the issuer of the SSL certificate sees this file they can then forward you the SSL certificate for the server.

Well, the problem with this is you normally aren't running anything on port 80 these days other than a redirect to the HTTPS site, and this request is required over port 80 for some reason (HTTP).

So, with a little research and trial and error I was able to put together this sample HTTP configuration that allows access over port 80 to this specific folder location. 

Listen xx.xx.xx.xx:80       
Listen xx.xx.xx.xx:443      

<VirtualHost xx.xx.xx.xx:80>                       
   ServerName myserver.com         
   DocumentRoot /www/myserver/htdocs             
   DirectoryIndex index.html                     
                                                 
   <Directory />                                 
      Options None                               
      order deny,allow                           
      deny from all     
   </Directory>
                        
   <Directory /www/myserver/htdocs>                                                         
      order allow,deny                                                                      
      allow from all                                                                        
   </Directory>                                                                             
                                                                                            
   RedirectMatch Permanent "^(/(?!.well-known/).*)" https://myserver.com$1     
   #Redirect permanent / https://myserver.com                                  
</VirtualHost>                                                                              
                                                                                            
<VirtualHost xx.xx.xx.xx:443>                                                                 
   ServerName myserver.com
   .....
</VirtualHost> 

The first VirtualHost container is a normal setup that allows access to static files.  But, the key different is the RedirectMatch directive is saying to redirect all requests to the HTTPS site except for requests to the /.well-known directory.

I've tested it and it works great and makes life a little easier when you have to update your client's SSL certificates on a yearly basis.




Latest Posts:

How to Whitelist GreenTools for G Suite (G4G) For Your Organization How to Whitelist GreenTools for G Suite (G4G) For Your Organization
Posted by November 5, 2023
BVSTools >> BVSTools Software Discussion >> GreenTools for G Suite (Google Apps) (G4G) Specific Discussion
QuickBooks Online Releases QuickBooks Online Releases "New Invoices!"... and It's Terrible!
Posted by October 8, 2023
QuickBooks >> QuickBooks Online
Admin/4i - What is it? Admin/4i - What is it?
Posted by September 30, 2023
Vendor Corner >> MSD Information Technology
BVSTools Releases Send Job Log to BVSTools (SNDLOG2BVS) Command BVSTools Releases Send Job Log to BVSTools (SNDLOG2BVS) Command
Posted by August 28, 2023
BVSTools >> BVSTools Announcements
MAILTOOL Now Allows Email Redirection for Development and Testing MAILTOOL Now Allows Email Redirection for Development and Testing
Posted by May 27, 2023
BVSTools >> BVSTools Announcements >> eMail Tool (MAILTOOL) Specific Announcements
GreenTools for Microsoft Apps (G4MS) Now Supports Footers When Sending Email GreenTools for Microsoft Apps (G4MS) Now Supports Footers When Sending Email
Posted by March 29, 2023
BVSTools >> BVSTools Announcements >> GreenTools for Microsoft Apps (G4MS) Specific Announcements
QuickBooks Online - Subtotals and Discounts Frustration QuickBooks Online - Subtotals and Discounts Frustration
Posted by March 16, 2023
QuickBooks >> QuickBooks Online
Making the Switch From QuickBooks Desktop to QuickBooks Online - No Picnic Making the Switch From QuickBooks Desktop to QuickBooks Online - No Picnic
Posted by March 16, 2023
QuickBooks >> QuickBooks Online
BVSTools Software Verified on V7R5 and Power10 BVSTools Software Verified on V7R5 and Power10
Posted by December 9, 2022
BVSTools >> BVSTools Announcements
Microsoft Office 365 Servers and Random Errors Issue Microsoft Office 365 Servers and Random Errors Issue
Posted by November 14, 2022
BVSTools >> BVSTools Software Discussion >> Email Tools (MAILTOOL) Specific Discussion
Sending/Resending Emails Using a MIME File with MAILTOOL Sending/Resending Emails Using a MIME File with MAILTOOL
Posted by November 8, 2022
BVSTools >> BVSTools Software Discussion >> Email Tools (MAILTOOL) Specific Discussion
Sending an HTML Email on Your IBM i Using MAILTOOL Sending an HTML Email on Your IBM i Using MAILTOOL
Posted by November 1, 2022
BVSTools >> BVSTools Software Discussion >> Email Tools (MAILTOOL) Specific Discussion
Transferring License Keys from One System to Another Transferring License Keys from One System to Another
Posted by October 31, 2022
BVSTools >> BVSTools Software Discussion
Calculating the Size of a File Before Base64 Encoding Calculating the Size of a File Before Base64 Encoding
Posted by August 13, 2022
Programming >> RPG Programming
GreenTools for Microsoft Apps (G4MS) v9.12 Now Includes Function to Send Emails using MIME File GreenTools for Microsoft Apps (G4MS) v9.12 Now Includes Function to Send Emails using MIME File
Posted by August 11, 2022
BVSTools >> BVSTools Announcements >> GreenTools for Microsoft Apps (G4MS) Specific Announcements

Reply




Copyright 1983-2020 BVSTools
GreenBoard(v3) Powered by the eRPG SDK, MAILTOOL Plus!, GreenTools for Google Apps, jQuery, jQuery UI, BlockUI, CKEditor and running on the IBM i (AKA AS/400, iSeries, System i).