bvstone

Allowing Requests over Port 80 For SSL Validation (ie, Namecheap, etc)


If you've ever set up SSL on the IBM i for an Apache server and don't have access to the email addresses listed on the domain registration, you have the option to prove ownership by uploading a file to a folder such as /.well-known/pki-validation.

Once the issuer of the SSL certificate sees this file they can then forward you the SSL certificate for the server.

Well, the problem with this is that these days you normally aren't running anything on port 80 other than a redirect to the HTTPS site, and this request is required over port 80 for some reason (HTTP).

So, with a little research and trial and error, I was able to put together this sample HTTP configuration that allows access over port 80 to this specific folder location.

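Listen xx.xx.xx.xx:80
Listen xx.xx.xx.xx:443

<VirtualHost xx.xx.xx.xx:80>
   ServerName myserver.com
   DocumentRoot /www/myserver/htdocs
   DirectoryIndex index.html

   # Deny access to the whole file system by default
   <Directory />
      Options None
      order deny,allow
      deny from all
   </Directory>

   # Allow static files under the document root (which holds .well-known)
   <Directory /www/myserver/htdocs>
      order allow,deny
      allow from all
   </Directory>

   # Redirect everything to HTTPS except paths that start with /.well-known/
   # (the dot is escaped so it only matches a literal ".")
   RedirectMatch Permanent "^(/(?!\.well-known/).*)" https://myserver.com$1
   # Blanket redirect that the RedirectMatch above replaces:
   #Redirect permanent / https://myserver.com
</VirtualHost>

<VirtualHost xx.xx.xx.xx:443>
   ServerName myserver.com
   .....
</VirtualHost>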

The first VirtualHost container is a normal setup that allows access to static files. The key difference is that the RedirectMatch directive redirects all requests to the HTTPS site except for requests to the /.well-known directory.

I've tested it and it works great and makes life a little easier when you have to update your client's SSL certificates on a yearly basis.
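An added example (not part of the original post): a quick offline check of which request paths the negative-lookahead RedirectMatch pattern redirects and which it lets through on port 80. Python's re module stands in for Apache's PCRE matching, the pattern is checked with the dot before well-known both escaped and unescaped, and the sample paths (including the file name fileauth.txt) are constructed.

```python
import re

# Python's re is used as a stand-in for Apache's PCRE engine (assumption:
# the lookahead behaves the same for these simple patterns).
TARGET = "https://myserver.com"  # host name from the sample configuration

PATTERNS = {
    "escaped": r"^(/(?!\.well-known/).*)",   # "\." matches only a literal dot
    "unescaped": r"^(/(?!.well-known/).*)",  # "." matches any one character
}

def redirect_for(path, pattern):
    """Return the Location a RedirectMatch with this pattern would send,
    or None when the request is not redirected and stays on port 80."""
    m = re.search(pattern, path)
    return TARGET + m.group(1) if m else None

# Constructed sample request paths.
SAMPLE_PATHS = [
    "/",
    "/index.html",
    "/.well-known/pki-validation/fileauth.txt",
    "/.well-known",             # no trailing slash, so still redirected
    "/xwell-known/page.html",   # only the unescaped dot lets this through
    "/docs/.well-known/x.txt",  # not at the start of the path: redirected
]

def not_redirected(pattern):
    """Paths from SAMPLE_PATHS that the pattern leaves on plain HTTP."""
    return [p for p in SAMPLE_PATHS if redirect_for(p, pattern) is None]

if __name__ == "__main__":
    for name, pattern in PATTERNS.items():
        print(name)
        for path in SAMPLE_PATHS:
            result = redirect_for(path, pattern) or "not redirected"
            print(f"  {path:42} -> {result}")
```

Anything the pattern does not redirect is still subject to the Directory access rules, so only files that actually exist under the document root are served over HTTP.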








Copyright 1983-2020 BVSTools