Comments (8)
https://community.sophos.com/kb/en-us/132940
It's now a supported feature.
from sophos-utm-letsencrypt.
I was able to get it working by creating /var/sec/chroot-httpd/etc/httpd/vhost/httpd-cert.conf with the following:
Listen *:80
<VirtualHost *:80>
DocumentRoot /var/www
SSLEngine off
<Location />
Order Deny,Allow
Deny from All
Allow from 0.0.0.0/0
</Location>
I just had a major scare! I tried following the steps above, to create the challenge site, but I must've done something wrong, because the moment I restarted the UTM, I lost access to all portals, and I lost all external connectivity to the outside world. Luckily, I still had SSH access.
I also got really lucky that deleting the /var/sec/chroot-httpd/var/www tree and the /var/sec/chroot-httpd/etc/httpd/vhost/httpd-cert.conf file allowed everything to start normally! I thought I was going to be in for a long night, restoring the UTM.
@mattohm, what version of the UTM are you running? You're saying that you are able to successfully get a Let's Encrypt cert for your UTM portal(s)? Would you mind sharing all necessary httpd-cert.conf entries and associated firewall rule(s)?
I don't care too much about getting an LE cert for the webadmin portal, but I would really like to get one for the user portal. I'm running UTM 9.503-4.
Best regards...
I'm currently at 9.503-4 but I've been running like this for well over a year. You can reload the httpd with "/etc/rc.d/httpd restart" instead of rebooting.
The firewall rule I have is any > http > external address
Make sure that none of your portals/web servers are running on port 80.
My entire httpd-cert.conf:
Listen *:80
<VirtualHost *:80>
DocumentRoot /var/www
SSLEngine off
DirectoryIndex index.html
Order Deny,Allow
Deny from All
Allow from 0.0.0.0/0
Better yet, start it using:
chroot /var/sec/chroot-httpd /bin/httpd -f /etc/httpd/httpd.conf -e debug -k restart
to show startup errors.
Need to make sure you close the VirtualHost tag or httpd will fail to start:
Listen *:80
<VirtualHost *:80>
DocumentRoot /var/www
SSLEngine off
DirectoryIndex index.html
Order Deny,Allow
Deny from All
Allow from 0.0.0.0/0
</VirtualHost>
Hi guys,
The fix outlined in this thread totally works except in one respect. It breaks HTTP to HTTPS redirects with web server protection, because port 80 is configured in the httpd-cert.conf. The HTTPS-only option works without a problem. However, I would really like there to be a port 80 to port 443 redirect in place. Is there a way to fix this?
If not, I think I need to write a bash script with the following logic and place it in /etc/crontab-static:
- Create the /var/sec/chroot-httpd/etc/httpd/vhost/httpd-cert.conf with the following contents
Listen *:80
<VirtualHost *:80>
DocumentRoot /var/www
SSLEngine off
DirectoryIndex index.html
Order Deny,Allow
Deny from All
Allow from 0.0.0.0/0
</VirtualHost>
- Restart httpd
- Update my Let's Encrypt certs
- Remove /var/sec/chroot-httpd/etc/httpd/vhost/httpd-cert.conf
- Restart httpd
Thanks!
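The five-step cron script sketched in the comment above, written out as an added example (this is not code from the sophos-utm-letsencrypt project or from anyone in the thread). It writes the temporary port-80 vhost from the thread (with the closing </VirtualHost> tag that bit people earlier), restarts httpd, renews, then removes the vhost and restarts again so web server protection's HTTP-to-HTTPS redirect comes back. The chroot path, config path and restart command default to the values quoted in the thread; RENEW_CMD is an assumption, because the thread never names the renewal command, so the placeholder fails loudly until you set it. The EXIT trap covers the failure mode that matters operationally: if renewal dies half way, the open port-80 vhost is still torn down rather than left in place until the next run.

```shell
#!/bin/sh
# Hypothetical renewal wrapper for a Sophos UTM (added example, not project code).
# All paths/commands can be overridden via the environment; defaults are the
# ones quoted in the thread.  RENEW_CMD is an assumption: point it at whatever
# renews your certificates on your box.
CHROOT="${CHROOT:-/var/sec/chroot-httpd}"
VHOST_CONF="${VHOST_CONF:-$CHROOT/etc/httpd/vhost/httpd-cert.conf}"
RESTART_CMD="${RESTART_CMD:-/etc/rc.d/httpd restart}"
RENEW_CMD="${RENEW_CMD:-renew_placeholder}"

# Placeholder used when RENEW_CMD is not set: fails instead of pretending.
renew_placeholder() {
    echo "RENEW_CMD is not set; refusing to pretend a renewal happened" >&2
    return 1
}

# Step 1: create the challenge vhost.  The block is closed with </VirtualHost>;
# without that line httpd refuses to start (the thread's hard-learned lesson).
write_challenge_vhost() {
    mkdir -p "$(dirname "$VHOST_CONF")" "$CHROOT/var/www"
    cat > "$VHOST_CONF" <<'EOF'
Listen *:80
<VirtualHost *:80>
DocumentRoot /var/www
SSLEngine off
DirectoryIndex index.html
Order Deny,Allow
Deny from All
Allow from 0.0.0.0/0
</VirtualHost>
EOF
}

# Guard before touching httpd: refuse to restart on an unclosed vhost file.
vhost_is_closed() {
    grep -q '^</VirtualHost>' "$VHOST_CONF"
}

# Step 4: remove the temporary vhost so the normal port-80 redirect returns.
remove_challenge_vhost() {
    rm -f "$VHOST_CONF"
}

# Steps 1-5 in order.  The EXIT trap guarantees cleanup and a final httpd
# restart even if the renewal command fails under `set -e` in a cron run.
# Returns the renewal command's exit status.
renew_with_challenge_vhost() {
    write_challenge_vhost
    vhost_is_closed || { remove_challenge_vhost; return 1; }
    trap 'remove_challenge_vhost; $RESTART_CMD' EXIT
    $RESTART_CMD
    $RENEW_CMD
    rc=$?
    remove_challenge_vhost
    $RESTART_CMD
    trap - EXIT
    return $rc
}

# Only run the cycle when explicitly asked (e.g. from crontab: script.sh run).
case "${1:-}" in
    run) renew_with_challenge_vhost ;;
esac
```

Invoked from /etc/crontab-static as `... /path/to/script.sh run`, the vhost only exists for the few seconds the renewal takes, which is also the only window in which port 80 on the external address is answered by the chroot'd httpd rather than by the web server protection redirect.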
I did not know that! Thanks
Update: The 9.6 update is still only available via FTP. I'm a bit nervous to update until it shows up in the up2date section of the UTM based on the comments here.