Textpattern CMS support forum
Let’s Encrypt certificate and Dreamhost
Does anybody have any experience setting this up? It is actually fully automatic now, integrated in the Dreamhost control panel (see the help article). What worries me a bit is the upgrade/renewal process. Those certificates are only valid for 90 days. Is the certificate automatically renewed (help files don’t mention it)?
A question, though (before I mess things up… I’m a complete disaster with mod_rewrite…). The DH help file strongly suggests to add the following to the .htaccess file:
RewriteRule ^.well-known/(.*)$ - [L]
Does it matter where I add it in the Textpattern mod_rewrite block? Testing on my local dev server, I added the rule like this:
<IfModule mod_rewrite.c>
RewriteEngine On
#RewriteBase /relative/web/path/
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.+) - [PT,L]
# Dreamhost / Let's Encrypt
RewriteRule ^.well-known/(.*)$ - [L]
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*) index.php
RewriteCond %{HTTP:Authorization} !^$
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>
So far it seems to work fine. Any other gotchas I should know?
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
Offline
#2 2016-04-27 01:47:26
- ax
- Plugin Author
- From: Germany
- Registered: 2009-08-19
- Posts: 165
Re: Let’s Encrypt certificate and Dreamhost
Yes, just tried it. One click in the admin panel, and it works. They say that the certificate will automagically renew, no action required.
In order to force https, I added
# Force ssl
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]
to the .htaccess file.
Last edited by ax (2016-04-27 02:46:26)
Offline
Re: Let’s Encrypt certificate and Dreamhost
Thanks Peter. Later today I’ll go ahead with it.
I had forgotten that they mentioned the renewal in the blog post.
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
Offline
Re: Let’s Encrypt certificate and Dreamhost
I decided to try it out on two different domains – my personal site and a new project I am working on.
I followed the instructions above and changed the .htaccess file to:
#DirectoryIndex index.php index.html
#Options +FollowSymLinks
#Options -Indexes
#ErrorDocument 403 default
<IfModule mod_rewrite.c>
RewriteEngine On
#RewriteBase /relative/web/path/
# Force ssl
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.+) - [PT,L]
# Dreamhost / Let's Encrypt
RewriteRule ^.well-known/(.*)$ - [L]
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*) index.php
RewriteCond %{HTTP:Authorization} !^$
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>
#php_value register_globals 0
# SVG
<IfModule mod_mime.c>
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
</IfModule>
It works perfectly on the new site.
On mine, I am getting a Firefox Error:
The page isn’t redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.
Not sure what the problem is – I can actually log into the Textpattern backend so it seems to be something about the page itself. I tried disabling all the analytics code but that didn’t seem to have any effect.
So it works — but be careful.
Offline
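On the question raised earlier in the thread of where the .well-known rule belongs: mod_rewrite evaluates rules top to bottom and [L] stops at the first match, so position decides whether a challenge request reaches the HTTPS redirect or index.php. The block below is an added example, not code from any poster or from Dreamhost; it reuses the thread's rules, and the escaped dot and the shortened .well-known pattern are assumptions of the example.

```apache
<IfModule mod_rewrite.c>
RewriteEngine On

# 1. Certificate validation path first: "-" means no substitution and
#    [L] ends rule processing, so a request under /.well-known/ is
#    served as-is over plain HTTP and never reaches rules 2 and 3.
#    Keep comments on their own line: Apache does not accept a
#    trailing "# ..." after a directive on the same line.
#    (Escaped dot and shortened pattern: assumption of this example.)
RewriteRule ^\.well-known/ - [L]

# 2. Force SSL, as posted in the thread. An absolute https:// target
#    makes Apache answer with an external redirect.
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]

# 3. Textpattern: existing files and directories pass through ...
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.+) - [PT,L]

# ... and everything else goes to the front controller.
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*) index.php

RewriteCond %{HTTP:Authorization} !^$
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>
```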
#5 2016-04-27 16:05:33
- ax
- Plugin Author
- From: Germany
- Registered: 2009-08-19
- Posts: 165
Re: Let’s Encrypt certificate and Dreamhost
michaelkpate wrote #298855:
I followed the instructions above …
Without knowing what the
RewriteRule ^.well-known/(.*)$ - [L] # Dreamhost / Let's Encrypt
is good for anyway, I would suggest to try without it. My .htaccess does not have it and looks like this:
Options -Indexes
<IfModule mod_rewrite.c>
RewriteEngine On
# Force ssl
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]
# Dreamhost stats
RewriteBase /
RewriteCond %{REQUEST_URI} ^/(stats|failed_auth\.html).*$ [NC]
RewriteRule . - [L]
#Textpattern
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.+) - [PT,L]
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*) index.php
RewriteCond %{HTTP:Authorization} !^$
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>
#php_value register_globals 0
# SVG
<IfModule mod_mime.c>
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
</IfModule>
Good luck, Peter
Offline
Re: Let’s Encrypt certificate and Dreamhost
As far as I understand it, that RewriteRule suggested by Dreamhost is to ensure that the installation script runs correctly. It has no effect on the certificate itself. What is not clear, to me at least, is if that is still needed for updating the certificate.
That said, I’ve gone ahead and flipped the switch on my side. My .htaccess file looks the same as yours and so far I haven’t seen any issues (Safari, Mobile Safari, Firefox). I haven’t tried the TXP admin part with Firefox, though.
Edit – When I look at my server through the eyes of Transmit (FTP client), there is no trace of a .well-known folder. It is very possible that the Dreamhost install script actually cleans up after itself.
Last edited by phiw13 (2016-04-28 00:06:48)
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
Offline
Re: Let’s Encrypt certificate and Dreamhost
Quick update:
I can get michaelkpate.com to work normally but it will not work as secure. So I commented out the forcing portion.
I installed it on patetech.info (didn’t touch the .htaccess) and it also worked. So then I made the changes and it works fine.
So I assume something weird is going on with michaelkpate.com but tracking it down isn’t really a priority.
Offline