
Textpattern CMS support forum


#1 2016-04-27 00:59:49

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 3,192
Website

Let’s Encrypt certificate and Dreamhost

Does anybody have any experience setting this up? It is actually fully automatic now, integrated in the Dreamhost control panel (see the help article). What worries me a bit is the upgrade/renewal process. Those certificates are only valid for 90 days. Is the certificate automatically renewed (help files don’t mention it)?

A question, though (before I mess things up… I’m a complete disaster with mod_rewrite…). The DH help file strongly suggests adding the following to the .htaccess file:

RewriteRule ^.well-known/(.*)$ - [L]

Does it matter where I add it in the Textpattern mod_rewrite block? Testing on my local dev server, I added the rule like this:

<IfModule mod_rewrite.c>
	RewriteEngine On
	#RewriteBase /relative/web/path/

	RewriteCond %{REQUEST_FILENAME} -f [OR]
	RewriteCond %{REQUEST_FILENAME} -d
	RewriteRule ^(.+) - [PT,L]

	RewriteRule ^.well-known/(.*)$ - [L]  # Dreamhost / Let's Encrypt

	RewriteCond %{REQUEST_URI} !=/favicon.ico
	RewriteRule ^(.*) index.php

	RewriteCond %{HTTP:Authorization}  !^$
	RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>

So far it seems to work fine. Any other gotchas I should know?


Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern

Offline

#2 2016-04-27 01:47:26

ax
Plugin Author
From: Germany
Registered: 2009-08-19
Posts: 165

Re: Let’s Encrypt certificate and Dreamhost

Yes, just tried it. One click in the admin panel, and it works. They say that the certificate will automagically renew, no action required.

In order to force https, I added

        # Force ssl
        RewriteCond %{SERVER_PORT}   !^443$
        RewriteRule  (.*)  https://%{HTTP_HOST}/$1   [L]

to the .htaccess file.

Last edited by ax (2016-04-27 02:46:26)

Offline

#3 2016-04-27 02:48:11

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 3,192
Website

Re: Let’s Encrypt certificate and Dreamhost

Thanks Peter. Later today I’ll go ahead with it.

I had forgotten that they mentioned the renewal in the blog post.



Offline

#4 2016-04-27 14:26:35

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,379
Website GitHub Mastodon

Re: Let’s Encrypt certificate and Dreamhost

I decided to try it out on two different domains – my personal site and a new project I am working on.

I followed the instructions above and changed the .htaccess file to:

#DirectoryIndex index.php index.html

#Options +FollowSymLinks
#Options -Indexes
#ErrorDocument 403 default

<IfModule mod_rewrite.c>
	RewriteEngine On
	#RewriteBase /relative/web/path/

	# Force ssl
	RewriteCond %{SERVER_PORT}   !^443$
	RewriteRule  (.*)  https://%{HTTP_HOST}/$1   [L]

	RewriteCond %{REQUEST_FILENAME} -f [OR]
	RewriteCond %{REQUEST_FILENAME} -d
	RewriteRule ^(.+) - [PT,L]

	RewriteRule ^.well-known/(.*)$ - [L]  # Dreamhost / Let's Encrypt

	RewriteCond %{REQUEST_URI} !=/favicon.ico
	RewriteRule ^(.*) index.php

	RewriteCond %{HTTP:Authorization}  !^$
	RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>

#php_value register_globals 0

# SVG
<IfModule mod_mime.c>
	AddType image/svg+xml  svg svgz
	AddEncoding gzip       svgz
</IfModule>

It works perfectly on the new site.

On mine, I am getting a Firefox Error:

The page isn’t redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

This problem can sometimes be caused by disabling or refusing to accept cookies.

Not sure what the problem is – I can actually log into the Textpattern backend so it seems to be something about the page itself. I tried disabling all the analytics code but that didn’t seem to have any effect.

So it works — but be careful.

Offline

#5 2016-04-27 16:05:33

ax
Plugin Author
From: Germany
Registered: 2009-08-19
Posts: 165

Re: Let’s Encrypt certificate and Dreamhost

michaelkpate wrote #298855:

I followed the instructions above …

Without knowing what the

RewriteRule ^.well-known/(.*)$ - [L]  # Dreamhost / Let's Encrypt

is good for anyway, I would suggest trying without it. My .htaccess does not have it and looks like this:

Options -Indexes

<IfModule mod_rewrite.c>
	RewriteEngine On

	# Force ssl
	RewriteCond %{SERVER_PORT}   !^443$
	RewriteRule  (.*)  https://%{HTTP_HOST}/$1   [L]

	# Dreamhost stats
	RewriteBase /
	RewriteCond %{REQUEST_URI} ^/(stats|failed_auth\.html).*$ [NC]
	RewriteRule . - [L]

	#Textpattern
	RewriteCond %{REQUEST_FILENAME} -f [OR]
	RewriteCond %{REQUEST_FILENAME} -d
	RewriteRule ^(.+) - [PT,L]

	RewriteCond %{REQUEST_URI} !=/favicon.ico
	RewriteRule ^(.*) index.php

	RewriteCond %{HTTP:Authorization}  !^$
	RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>

#php_value register_globals 0

# SVG
<IfModule mod_mime.c>
	AddType image/svg+xml  svg svgz
	AddEncoding gzip       svgz
</IfModule>

Good luck, Peter

Offline

#6 2016-04-27 23:59:54

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 3,192
Website

Re: Let’s Encrypt certificate and Dreamhost

As far as I understand it, that RewriteRule suggested by Dreamhost is to ensure that the installation script runs correctly. It has no effect on the certificate itself. What is not clear, to me at least, is if that is still needed for updating the certificate.

That said, I’ve gone ahead and flipped the switch on my side. My .htaccess file looks the same as yours and so far I haven’t seen any issues (Safari, Mobile Safari, Firefox). I haven’t tried the TXP admin part with Firefox, though.

Edit – When I look at my server through the eyes of Transmit (FTP client), there is no trace of a .well-known folder. It is very possible that the Dreamhost install script actually cleans up after itself.

Last edited by phiw13 (2016-04-28 00:06:48)



Offline

#7 2016-04-28 14:01:09

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,379
Website GitHub Mastodon

Re: Let’s Encrypt certificate and Dreamhost

Quick update:

I can get michaelkpate.com to work normally but it will not work as secure. So I commented out the forcing portion.

I installed it on patetech.info (didn’t touch the .htaccess) and it also worked. So then I made the changes and it works fine.

So I assume something weird is going on with michaelkpate.com but tracking it down isn’t really a priority.

Offline
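
On the rule-placement question from the first post, here is one way to order the rules discussed in this thread. This is an added example, not taken from any post here and not Dreamhost's or Textpattern's own configuration. It assumes the .htaccess sits in the site's document root and that Apache itself sees HTTPS requests on port 443, as the posted force-ssl rule also assumes.

```apache
<IfModule mod_rewrite.c>
	RewriteEngine On
	#RewriteBase /relative/web/path/

	# Let's Encrypt / Dreamhost validation files.
	# Placed first so a request under /.well-known/ is answered directly:
	# it is never redirected and never handed to Textpattern's index.php.
	# The dot is escaped so the pattern matches only a literal ".well-known".
	# Comments sit on their own lines; the Apache documentation does not
	# allow a comment on the same line as a directive.
	RewriteRule ^\.well-known/ - [L]

	# Force ssl (same condition as in the thread, with an explicit redirect
	# status). Browsers cache a 301, so test with R=302 first and switch to
	# R=301 once the HTTPS site is confirmed to work.
	RewriteCond %{SERVER_PORT}   !^443$
	RewriteRule  (.*)  https://%{HTTP_HOST}/$1   [R=301,L]

	# Textpattern: existing files and directories are served as-is
	RewriteCond %{REQUEST_FILENAME} -f [OR]
	RewriteCond %{REQUEST_FILENAME} -d
	RewriteRule ^(.+) - [PT,L]

	# Textpattern: everything else goes to the front controller
	RewriteCond %{REQUEST_URI} !=/favicon.ico
	RewriteRule ^(.*) index.php

	RewriteCond %{HTTP:Authorization}  !^$
	RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>
```

With this ordering, a missing file under /.well-known/ returns Apache's own 404 rather than a Textpattern page, which makes a failed validation easier to spot in the access log.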
