Using Let's Encrypt without control over the root directory
Author reputation: 1158
I'm running a Django website and using Let's Encrypt for my SSL. Configuration of the framework is such that I can't allow access on: http://url.com/.xxxx
What I can allow free access to is: http://url.com/static/.xxxx
My /static/ URL can accept and host any random files Let's Encrypt needs. Is there a way to have certbot support /static/ instead of just using / for the URL?
I've found a workaround that is acceptable for me. After further digging, I found that /.well-known/ is always the base directory for SSL checking. That means we can add a static directory which will work nicely with certbot. Here's how. First, add this to your Apache config:
    Alias /.well-known/ /var/www/XXXXX/website/static/.well-known/
    <Directory /var/www/XXXXX/website/static/.well-known/>
        Require all granted
    </Directory>
Then add this into your settings.py file:
    STATIC_ENCRYPT_URL = '/.well-known/'
    STATIC_ENCRYPT_ROOT = '/var/www/XXXXX/website/static/'
Add this into your urls.py:
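    from django.conf import settings
    from django.conf.urls.static import static

    # static() only adds these patterns when DEBUG is True
    urlpatterns = [ ... ] + static(settings.STATIC_ENCRYPT_URL, document_root=settings.STATIC_ENCRYPT_ROOT)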
Reset your webserver. Now you have a special URL /.well-known/ which will host any file certbot requires.
I'd still like a better answer than this.
Author: Luke Dupin | Source | Posted: 18.07.2016 06:23
Author reputation: 3570
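A framework-independent alternative to the Alias and static() setup above, added here as an example and not part of the original answer: a WSGI wrapper that answers /.well-known/acme-challenge/<token> itself and passes every other request on to the application. The class name, the stand-in `framework_app` and the sample token and file contents are assumptions constructed for illustration.

```python
import os
import re
import tempfile

ACME_PREFIX = "/.well-known/acme-challenge/"
# RFC 8555 tokens use only the base64url alphabet, so "/" and "." never appear.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")

class AcmeChallengeMiddleware:
    """Answer HTTP-01 challenge requests before the wrapped WSGI app sees them."""
    def __init__(self, app, challenge_dir):
        self.app = app
        self.challenge_dir = os.path.realpath(challenge_dir)

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        if not path.startswith(ACME_PREFIX):
            return self.app(environ, start_response)  # everything else goes to the framework
        body = self._read(path[len(ACME_PREFIX):])
        if body is None or environ.get("REQUEST_METHOD") != "GET":
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"not found"]
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [body]

    def _read(self, token):
        if not TOKEN_RE.fullmatch(token):
            return None  # rejects "../", nested paths and the empty token
        target = os.path.realpath(os.path.join(self.challenge_dir, token))
        # Defence in depth: a symlink must not lead outside the challenge directory.
        if os.path.dirname(target) != self.challenge_dir or not os.path.isfile(target):
            return None
        with open(target, "rb") as fh:
            return fh.read()

def framework_app(environ, start_response):  # hypothetical stand-in for the Django WSGI app
    start_response("403 Forbidden", [("Content-Type", "text/plain")])
    return [b"blocked by framework"]

def demo(paths):  # constructed GET requests against one constructed challenge file
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "constructed-token_1"), "w") as fh:
            fh.write("constructed-token_1.constructed-thumbprint")
        app, out = AcmeChallengeMiddleware(framework_app, d), []
        for p in paths:
            seen = []
            body = b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": p},
                                lambda status, headers: seen.append(status)))
            out.append((seen[0], body))
        return out
```

In a Django project the wrapper would go around the object returned by `get_wsgi_application()` in wsgi.py, with `challenge_dir` pointing at the directory the ACME client writes its challenge files into.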
In case other users come this way like I did from Google, here's how I improved this situation:
I was unsatisfied by my options when it came to creating ACME challenges for Let's Encrypt when running a Django application. So, I rolled my own solution and created a Django app! Basically, you can manage your ACME challenges as just another object, and the app will produce the proper end-point URL.