Forums >> Programming >> Web Programming
bvstone
Allowing Requests over Port 80 For SSL Validation (ie, Namecheap, etc)
Posted: 01/31/2020, 16:14:21
If you've ever set up SSL on the IBM i for an Apache server and don't have access to the email addresses listed on the domain registration, you have the option to prove ownership by uploading a file to a folder such as /.well-known/pki-validation.
Once the issuer of the SSL certificate sees this file they can then forward you the SSL certificate for the server.
Well, the problem with this is you normally aren't running anything on port 80 these days other than a redirect to the HTTPS site, and this request is required over port 80 for some reason (HTTP).
So, with a little research and trial and error I was able to put together this sample HTTP configuration that allows access over port 80 to this specific folder location.
Listen xx.xx.xx.xx:80
Listen xx.xx.xx.xx:443
<VirtualHost xx.xx.xx.xx:80>
ServerName myserver.com
DocumentRoot /www/myserver/htdocs
DirectoryIndex index.html
<Directory />
Options None
order deny,allow
deny from all
</Directory>
<Directory /www/myserver/htdocs>
order allow,deny
allow from all
</Directory>
RedirectMatch Permanent "^(/(?!.well-known/).*)" https://myserver.com$1
#Redirect permanent / https://myserver.com
</VirtualHost>
<VirtualHost xx.xx.xx.xx:443>
ServerName myserver.com
.....
</VirtualHost>
The first VirtualHost container is a normal setup that allows access to static files. But, the key different is the RedirectMatch directive is saying to redirect all requests to the HTTPS site except for requests to the /.well-known directory.
I've tested it and it works great and makes life a little easier when you have to update your client's SSL certificates on a yearly basis.
Reply
© Copyright 1983-2024 BVSTools
GreenBoard(v3) Powered by the eRPG SDK, MAILTOOL Plus!, GreenTools for Google Apps, jQuery, jQuery UI, BlockUI, CKEditor and running on the IBM i (AKA AS/400, iSeries, System i).