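To use Let's Encrypt, you have to keep plain HTTP access available, or the certificate will not be renewed. Renewal fails because .well-known cannot be reached.
A setup where HTTP is up, redirects to HTTPS, and everything beyond that requires Basic authentication does not work: http => https (with Basic authentication)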
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: example.com
   Type: unauthorized
   Detail: Invalid response from http://example.com/.well-known/acme-challenge/OjG***************************************3I: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>401 Unauthorized</title>\n</head><body>\n<h1>Unauthorized</"
So, set it up like this.
httpd.conf for the HTTP side:
<VirtualHost *:80>
    ServerAdmin webmaster@example.jp
    ServerName example.com
    DocumentRoot /web/example.com/htdocs
    # Redirect everything under the document root to HTTPS
    <Directory /web/example.com/htdocs>
        RewriteEngine On
        RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
    </Directory>
    # Exception: serve .well-known over plain HTTP, with no redirect and no access restriction
    <Directory /web/example.com/htdocs/.well-known>
        RewriteEngine Off
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/example.com.error.log
    CustomLog ${APACHE_LOG_DIR}/example.com.access.log combined
</VirtualHost>
.well-known is excluded from the redirect and is also given Require all granted. Without that, this infuriating error shows up:
[authz_core:error] [pid 2510] [client 192.168.111.111:50355] AH01630: client denied by server configuration:
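A pre-renewal check for the setup above, as an added example that is not part of the original post: it requests a test file over plain HTTP, records every redirect hop, and reports which of the two failures described here (the 401 from Basic authentication, the 403 from a missing Require all granted) is in the way. The file name probe.txt and all function names are assumptions made for this example.

```python
import sys
import urllib.error
import urllib.request
from urllib.parse import urljoin

REDIRECTS = (301, 302, 303, 307, 308)
# Constructed sample (probe.txt is a hypothetical test file): the broken setup from this post.
BROKEN_CHAIN = [
    ("http://example.com/.well-known/acme-challenge/probe.txt", 301),
    ("https://example.com/.well-known/acme-challenge/probe.txt", 401),
]

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow; HTTPError is raised so each hop is recorded

def fetch_chain(url, max_hops=10):
    """Return [(url, status), ...] for every hop up to the final response."""
    opener = urllib.request.build_opener(_NoRedirect)
    chain = []
    for _ in range(max_hops):
        try:
            with opener.open(url, timeout=10) as resp:
                return chain + [(url, resp.status)]
        except urllib.error.HTTPError as err:
            chain.append((url, err.code))
            location = err.headers.get("Location")
            if err.code not in REDIRECTS or not location:
                return chain
            url = urljoin(url, location)
    return chain

def diagnose(chain):
    """Map a hop chain to the failure modes described in this post."""
    final_url, status = chain[-1]
    if not chain[0][0].startswith("http://"):
        return "probe must start on plain http, as the validation request does"
    if status == 200:
        return "ok" if len(chain) == 1 else "ok, served after a redirect"
    if status == 401:
        return f"401 at {final_url}: challenge path is behind authentication"
    if status == 403:
        return f"403 at {final_url}: check 'Require all granted' on .well-known"
    if status in REDIRECTS:
        return f"still redirecting at {final_url}"
    return f"unexpected status {status} at {final_url}"

if __name__ == "__main__":
    print(diagnose(fetch_chain(sys.argv[1]) if len(sys.argv) > 1 else BROKEN_CHAIN))
```

Run it with the URL of a test file placed under .well-known/acme-challenge/; with no argument it diagnoses the constructed chain.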