* * * * *

                       I should have made a check list

Yup. I messed up again, just as I was afraid of [1]. Using mod_md [2] isn't
that hard, it's just that any mistake you make means you just lost a few
days, up to an entire month.

Sigh.

It's a bit late now, but I should have created this check list to help
prevent mistakes:

 1.  [ ]  Figure out primary domain name (aka (also known as) primary)
 2.  [ ]  Figure out alias domain name (aka alias)
 3.  [ ]  Configure MDomainSet
 3.   1.  [ ]  <MDomainSet primary>
 3.   1.   1.  [ ]  Make sure primary is spelled correctly

 3.   2.  [ ]  MDCertificateAgreement accepted
 3.   3.  [ ]  MDContactEmail [email protected]
 3.   4.  [ ]  MDMemer alias
 3.   4.   1.  [ ]  Make sure alias is spelled correctly

 3.   5.  [ ]  MDRequireHttps temporary
 3.   6.  [ ]  </MDomainSet>

 4.  [ ]  Configure VirtualHost alias:80
 4.   1.  [ ]  <VirtualHost ip:80>
 4.   2.  [ ]  ServerName alias
 4.   2.   1.  [ ]  Make sure alias is spelled correctly

 4.   3.  [ ]  Redirect permanent / http://primary
 4.   3.   1.  [ ]  Make sure primary is spelled correctly

 4.   4.  [ ]  Protocols h2 h2c http/1.1 acme-tls/1
 4.   5.  [ ]  </VirtualHost>

 5.  [ ]  Configure VirtualHost primary:80
 5.   1.  [ ]  <VirtualHost ip:80>
 5.   2.  [ ]  ServerName primary
 5.   2.   1.  [ ]  Make sure primary is spelled correctly

 5.   3.  [ ]  Protocols h2 h2c http/1.1 acme-tls/1
 5.   4.  [ ]  </VirtualHost>

 6.  [ ]  Configure VirtualHost alias:443
 6.   1.  [ ]  <VirtualHost ip:443>
 6.   2.  [ ]  SSLEngine on
 6.   3.  [ ]  ServerName alias
 6.   3.   1.  [ ]  Make sure alias is spelled correctly

 6.   4.  [ ]  Redirect permanent / https://primary
 6.   4.   1.  [ ]  Make sure primary is spelled correctly

 6.   5.  [ ]  Protocols h2 h2c http/1.1 acme-tls/1
 6.   6.  [ ]  </VirtualHost>

 7.  [ ]  Configure VirtualHost primary:443
 7.   1.  [ ]  <VirtualHost ip:443>
 7.   2.  [ ]  SSLEngine on
 7.   3.  [ ]  ServerName primary
 7.   3.   1.  [ ]  Make sure primary is spelled correctly

 7.   4.  [ ]  Protocols h2 h2c http/1.1 acme-tls/1
 7.   5.  [ ]  </VirtualHost>
 7.   6.  [ ]  Other configuration settings …


My last mistake? I forgot to add acme-tls/1 to the Protocols directive.

Aaaaaaah!

It's not that I haven't done check [3] lists [4] before, and they're great at
making sure you don't miss a step—I just have to remind myself to do them.
But better late than never, as I can use this the next time I have to add a
new domain.

[1] gopher://gopher.conman.org/0Phlog:2022/12/07.2
[2] https://httpd.apache.org/docs/2.4/mod/mod_md.html
[3] gopher://gopher.conman.org/0Phlog:2006/08/24.1
[4] gopher://gopher.conman.org/0Phlog:2015/03/18.1

Email author at [email protected]

You are viewing proxied material from gopher.conman.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.