I've finally joined the 21st century and gone to serving the site over HTTPS. On NearlyFreeSpeech, it should be easy: just run tls-setup.sh from an SSH terminal. That sets everything up to use Let's Encrypt, but that was failing because I use the Apache httpd RewriteEngine to host kavanot.name, with that domain redirecting to a subdirectory in the bililite.com directory tree. But Let's Encrypt wants to have access to the .well-known directory in the main directory. So https://kavanot.name was failing and messing everything up.

The answer was at https://members.nearlyfreespeech.net/forums/viewtopic.php?t=11218 (which unfortunately is only visible to NFS members): make sure Apache didn't rewrite the .well-known directory:

RewriteCond %{REQUEST_URI} !\.well-known
RewriteCond %{HTTP_HOST} ^kavanot
RewriteRule // etc.

(meaning if the URI does not contain ".well-known" and the domain starts with kavanot, then do the rewrite.)

And now running tls-setup.sh works!
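To see which requests those two conditions actually exempt, here is a small model of them in Python. It is an added example, not code from this post or from NearlyFreeSpeech. The anchored variant, the sample paths and the `EXAMPLE-TOKEN` placeholder are assumptions made for illustration; only the two patterns in `PAGE_CONDS` come from the post.

```python
import re

# The two conditions from the post, as (server variable, CondPattern) pairs.
PAGE_CONDS = [
    ("REQUEST_URI", r"!\.well-known"),
    ("HTTP_HOST", r"^kavanot"),
]

# Assumed tighter variant (not from the post): exempt only the top-level
# /.well-known/ directory instead of any URI containing ".well-known".
ANCHORED_CONDS = [
    ("REQUEST_URI", r"!^/\.well-known/"),
    ("HTTP_HOST", r"^kavanot"),
]


def cond_holds(value, cond_pattern):
    """One RewriteCond: an unanchored regex search, negated by a leading '!'."""
    negate = cond_pattern.startswith("!")
    regex = cond_pattern[1:] if negate else cond_pattern
    matched = re.search(regex, value) is not None
    return matched != negate


def would_rewrite(request, conds):
    """Consecutive RewriteCond lines are ANDed; flags such as [OR] or [NC] are not modelled."""
    return all(cond_holds(request[var], pattern) for var, pattern in conds)


# Constructed sample requests; every path here is made up for the example.
SAMPLES = [
    {"HTTP_HOST": "kavanot.name", "REQUEST_URI": "/.well-known/acme-challenge/EXAMPLE-TOKEN"},
    {"HTTP_HOST": "kavanot.name", "REQUEST_URI": "/parsha/"},
    {"HTTP_HOST": "bililite.com", "REQUEST_URI": "/blog/"},
    {"HTTP_HOST": "kavanot.name", "REQUEST_URI": "/notes/about.well-known-uris.html"},
]


def compare(samples=SAMPLES):
    """Return (host, uri, rewritten by the post's rule, rewritten by the anchored rule)."""
    return [(r["HTTP_HOST"], r["REQUEST_URI"],
             would_rewrite(r, PAGE_CONDS), would_rewrite(r, ANCHORED_CONDS))
            for r in samples]


if __name__ == "__main__":
    for host, uri, page_rule, anchored_rule in compare():
        print(f"{host}{uri}: post={page_rule} anchored={anchored_rule}")
```

The last sample shows the difference: because the post's pattern is unanchored, any kavanot.name URI that merely contains ".well-known" skips the rewrite, while the anchored variant exempts only the directory Let's Encrypt needs.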
