Letsencrypt/certbot fails when proxying with Apache ProxyPass

I had an issue on Directadmin server where client had nodejs application for which apache had to proxy on port 3001. Becouse of this, letsencrypt was not able to reach .well-known/acme-challenge/ and certificate registration/renewal failed. Solution is simple, you have to exclude proxy when requesting .well-known/acme-challenge/.

This was error whent trying to check .well-known/acme-challenge:

$ curl http://mydomain.com/.well-known/acme-challenge/test.txt 
{"errors":[{"message":"Route /.well-known/test.txt doesn't exist.","extensions":{"code":"ROUTE_NOT_FOUND"}}]}%

So I added “ProxyPass !” directive just before where I create proxy directive to port 3001. Like so:

. . .
<Location /.well-known/acme-challenge>
   ProxyPass !
</Location>

<Location />
Require all granted
   ProxyPass http://127.0.0.1:3000/
   ProxyPassReverse http://127.0.0.1:3000/
</Location>
. . . 

Then I was able tu make request to .well-known/acme-challenge sucsessfully:

> $ curl http://mydomain.com/.well-known/acme-challenge/test.txt 
It works!

I hope this helps! 🙂

Directadmin – Proxy Error: DNS lookup failure for php-fpm56 …

If you changed php handler for your Directadmin installation to php-fpm, rewrite all configs and then get error like this:

Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /index.php.
Reason: DNS lookup failure for: php-fpm56.domainname

It is almost certainly that apache templates that are used for generating user http configuration files are wrong. Probably you have custom templates.

Go to /usr/local/directadmin/data/templates/custom and check if there are files like files virtual_host2.conf … . If they are, just rename custom directory to something new:

[root@lol ~]# cd /usr/local/directadmin/data/templates/
[root@lol templates]# mv custom custom-bak

Directadmin will then use default templates when creating new Apache configs. Rewrite your apache config files:

[root@lol ~]#  cd /usr/local/directadmin/custombuild
[root@lol custombuild]# ./build rewrite_confs

It should solve the problem. Also, make sure that php-fpm for all php versions are working.

© 2022 geegkytuts.net
Hosted by SIEL


About author