A gotcha that caught me for ages today when setting up certs. When I run the bitnami tool to generate certs…
sudo ./bncert-tool
.. I get the following warning:
Warning: The domain 'domain.com' resolves to a different IP address than
the one detected for this machine, which is 'yy.yy.xx.xx'. Please fix its DNS
entries or remove it. For more info see:
https://docs.bitnami.com/general/faq/configuration/configure-custom-domain/
Press [Enter] to continue:
It took me ages to realise that I am using cloudflare.com as a DNS Proxy so that the actual IP address is not exposed. This means that the DNS record is returning the proxy IP and not the actual public IP.
All I needed to do was bypass the DNS Proxy in Cloudflare by turning the little orange cloud grey before I created the certs (I turned it back on afterwards).
Another issue I had was with rewrite rules. I had 2 rewrite rules by mistake.
Since I manage a lot of websites, I normally set up all my rewrite rules in cloudflare.com.
When I set up Let's Encrypt, the default Bitnami Apache config also has a rewrite rule, so:
Cloudflare was rewriting http://domain.com to https://domain.com
..then Bitnami Apache was rewriting https://domain.com to https://www.domain.com
..then cloudflare was rewriting https://www.domain.com to https://domain.com
and around and around in circles we go.
I removed the rewrite rule on the server, so that all my existing Cloudflare rewrites are consistent with this new server.
cd /opt/bitnami/apache2/conf/bitnami
sudo jed bitnami.conf
then comment out the following line:
#RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
All done.
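A way to confirm a loop like the one above before and after changing the config, as an added example that is not part of the original post: it follows redirects one hop at a time and reports when a URL repeats. The names fetch_location and trace_redirects, the status codes and the lookup tables standing in for Cloudflare and Apache are assumptions constructed for this sketch.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECT_CODES = (301, 302, 303, 307, 308)

def fetch_location(url, timeout=5):
    """One HEAD request, redirects NOT followed. Returns (status, absolute Location or None)."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        loc = resp.getheader("Location")
        return resp.status, urljoin(url, loc) if loc else None
    finally:
        conn.close()

def trace_redirects(start, fetch=fetch_location, max_hops=10):
    """Follow redirects hop by hop. Returns (chain, verdict); verdict is 'ok', 'loop' or 'too many hops'."""
    chain, seen, url = [start], {start}, start
    for _ in range(max_hops):
        status, nxt = fetch(url)
        if status not in REDIRECT_CODES or not nxt:
            return chain, "ok"          # reached a page that actually answers
        chain.append(nxt)
        if nxt in seen:
            return chain, "loop"        # same URL twice: rules are fighting each other
        seen.add(nxt)
        url = nxt
    return chain, "too many hops"

# Constructed tables modelling the three rules in the post (status codes assumed).
SIMULATED_LOOP = {
    "http://domain.com/": (301, "https://domain.com/"),        # Cloudflare: http -> https
    "https://domain.com/": (302, "https://www.domain.com/"),   # origin Apache rule
    "https://www.domain.com/": (301, "https://domain.com/"),   # Cloudflare: www -> bare domain
}
# Same table after the Apache rule is commented out: the origin now answers directly.
SIMULATED_FIXED = {**SIMULATED_LOOP, "https://domain.com/": (200, None)}

def simulate(table):
    """Offline stand-in for fetch_location, backed by a constructed table."""
    return lambda url: table.get(url, (200, None))

if __name__ == "__main__":
    for name, table in (("before", SIMULATED_LOOP), ("after", SIMULATED_FIXED)):
        chain, verdict = trace_redirects("http://domain.com/", simulate(table))
        print(name, verdict, " -> ".join(chain))
```

Calling trace_redirects with only a URL uses real HEAD requests, so it can be pointed at the live site once the Cloudflare proxy is switched back on.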
2/100DaysOfCode