[LON-CAPA-admin] certbot renew on Ubuntu 16 AND https only question

Raeburn, Stuart raeburn at msu.edu
Sun Mar 10 22:43:06 EDT 2019


The LON-CAPA domain coordination manual (p. 33 in the PDF version) includes the command to use to enable rewriting of http to https. For Ubuntu:

cp /etc/apache2/rewrites/loncapa_rewrite_on.conf /etc/apache2/loncapa_rewrite.conf
/etc/init.d/apache2 reload

and (for Ubuntu), if you decide to disable rewriting of http to https:

cp /etc/apache2/rewrites/loncapa_rewrite_off.conf /etc/apache2/loncapa_rewrite.conf
/etc/init.d/apache2 reload

See: loncapa.winona.edu/adm/help/domain.manual.pdf for details.

Note: LON-CAPA 2.12 will include support for management of Apache/SSL certificates signed by letsencrypt.org (without the use of certbot), for those domains where institutional policies allow that.
See: bugs.loncapa.org/show_bug.cgi?id=6893

Stuart Raeburn
LON-CAPA Academic Consortium

From: LON-CAPA-admin <lon-capa-admin-bounces at mail.lon-capa.org> on behalf of Moore, Nathan T <nmoore at winona.edu>
Sent: Sunday, March 10, 2019 9:19 PM
To: list about administration and system updating
Subject: [LON-CAPA-admin] certbot renew on Ubuntu 16 AND https only question

I have loncapa running on an Azure/Linux/Ubuntu 16 vm for the domain loncapa.winona.edu.

In December, with lots of help from Stuart, I got certbot up and running on the machine.  Certbot provides a free SSL certificate, which is required for https.

Last week, I tried to renew my ssl certificate with certbot.  "certbot renew" failed.

The proper way (I learned today) to renew your certbot certificate in Ubuntu 16 is to include the following command-line arguments:

     certbot run -a webroot -i apache -w /home/httpd/html/ -d loncapa.winona.edu

Now, question:  Right now my loncapa site accepts http or https connections.  Since certbot seems to be working reliably, it seems like a good idea to force redirects from http://loncapa.winona.edu to https://loncapa.winona.edu.

The "hack" way of doing this is to directly edit the vhost file with the lines,
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

Q1: I see some relevant files in /etc/apache2. Can I just edit them directly?
:/etc$ grep RewriteEngine ./apache2/loncapa*
./apache2/loncapa_apache.conf:        RewriteEngine on
./apache2/loncapa_apache.conf:      RewriteEngine on
./apache2/loncapa_rewrite.conf:    RewriteEngine off

Q2: Q1 seems like a hack approach that will be overwritten when I update.  Is there an approach within loncapa configuration that automatically writes in this redirection?

Thanks all.

- - - -

Nathan Moore

Professor of Physics

Winona State University
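
Added example, not part of the original messages or of LON-CAPA: a shell check for which of the two rewrite templates named in the reply is currently active, plus a check that a captured HTTP response really redirects to https. The function names are hypothetical, the directory defaults to the /etc/apache2 paths quoted above, and accepting any 3xx status is an assumption, since the thread does not show the template's contents.

```shell
#!/bin/sh
# Added example: verify the http -> https rewrite state after a copy,
# reload or LON-CAPA update. Function names are hypothetical.

# Print on | off | custom | missing for the active loncapa_rewrite.conf.
# $1 = Apache config directory (defaults to /etc/apache2, as in the thread).
loncapa_rewrite_state() {
    dir="${1:-/etc/apache2}"
    active="$dir/loncapa_rewrite.conf"
    [ -f "$active" ] || { echo missing; return 0; }
    if cmp -s "$active" "$dir/rewrites/loncapa_rewrite_on.conf"; then
        echo on
    elif cmp -s "$active" "$dir/rewrites/loncapa_rewrite_off.conf"; then
        echo off
    else
        echo custom   # hand-edited, or it no longer matches either template
    fi
}

# Read HTTP response headers on stdin, e.g. from
#   curl -sI http://loncapa.winona.edu/
# Succeeds only if the status is a 3xx redirect and Location is https://.
is_https_redirect() {
    awk '
        NR == 1                    { redirect = ($2 ~ /^30[12378]$/); next }
        tolower($1) == "location:" { if ($2 ~ /^https:\/\//) tls = 1 }
        END                        { exit !(redirect && tls) }
    '
}
```

A state of "custom" after an update means the active file matches neither template and should be reviewed before the next reload.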
