How To Configure Apache 2.4 to Renew LetsEncrypt running WordPress and https
erics, Posted August 21st, 2017 at 1:23:32pm
This post does not cover configuring letsencrypt or ssl/https.
First, make sure your LetsEncrypt configuration points to the actual WordPress document root directory
cat /etc/letsencrypt/renewal/www.yourdomain.com.conf
|
1 2 3 4 |
... [[webroot_map]] yourdomain.com = /volumes/data/www/yourdomain.com/prod/wordpress www.yourdomain.com = /volumes/data/www/yourdomain.com/prod/wordpress |
Second, use the new macro language feature in Apache 2.4 to configure an https redirect macro which does NOT redirect to https for anything in the .well-known subdirectory. This allows the renewal process to function via http with no redirect.
Apache Config:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
<Macro RedirectTo $protocol $domain> <If "%{REQUEST_URI} =~ m#^/\.well-known(/|$)#"> # Do nothing </If> <ElseIf "tolower(req('Host')) != '$domain' || tolower(%{REQUEST_SCHEME}) != '$protocol'"> Redirect permanent / $protocol://$domain/ </ElseIf> </Macro> <VirtualHost *:80> ServerName www.yourdomain.com ServerAlias *yourdomain* DocumentRoot /volumes/data/www/yourdomain.com/prod/wordpress DirectoryIndex index.html index.php index.cgi ServerAdmin apache.admin@yourdomain.com ErrorLog "| /usr/sbin/rotatelogs /volumes/data/www/yourdomain.com/prod/logs/www_errors.log 86400" CustomLog "| /usr/sbin/rotatelogs /volumes/data/www/yourdomain.com/prod/logs/www_access.log 86400" combined Header set Access-Control-Allow-Origin *yourdomain.com Use RedirectTo https yourdomain.com <Directory "/volumes/data/www/yourdomain.com/prod/wordpress"> AllowOverride all Options +FollowSymLinks +ExecCGI Require all granted Order allow,deny Allow from all </Directory> <Files xmlrpc.php> Order allow,deny Deny from all </Files> </VirtualHost> <VirtualHost *:443> ... </VirtualHost> |
Lastly, make sure your wordpress/.htaccess file contains at least the following to ensure that files are served directly:
|
1 2 3 4 5 6 7 8 9 10 |
# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress |
Categories: How-To's, Technology 2.4, Acme, apache, Apache 2.4, Encrypt, https, LetsEncrypt, redirect, Renew, well-known, WordPress
Leave Your Comment
All fields marked with "*" are required.