Friday, Debtember 09, 2022
I should have made a check list
Yup.
I messed up again,
just as I was afraid of.
Using mod_md
isn't that hard,
it's just that any mistake you make means you just lost a few days,
up to an entire month.
Sigh.
It's a bit late now, but I should have created this check list to help prevent mistakes:
- Figure out primary domain name (aka primary)
- Figure out alias domain name (aka alias)
- Configure
MDomainSet
-
<MDomainSet primary>
- Make sure primary is spelled correctly
-
MDCertificateAgreement accepted
-
MDContactEmail sean@coman.org
-
MDMemer alias
- Make sure alias is spelled correctly
-
MDRequireHttps temporary
-
</MDomainSet>
-
- Configure
VirtualHost alias:80
-
<VirtualHost ip:80>
-
ServerName alias
- Make sure alias is spelled correctly
-
Redirect permanent / http://primary
- Make sure primary is spelled correctly
-
Protocols h2 h2c http/1.1 acme-tls/1
-
</VirtualHost>
-
- Configure
VirtualHost primary:80
-
<VirtualHost ip:80>
-
ServerName primary
- Make sure primary is spelled correctly
-
Protocols h2 h2c http/1.1 acme-tls/1
-
</VirtualHost>
-
- Configure
VirtualHost alias:443
-
<VirtualHost ip:443>
-
SSLEngine on
-
ServerName alias
- Make sure alias is spelled correctly
-
Redirect permanent / https://primary
- Make sure primary is spelled correctly
-
Protocols h2 h2c http/1.1 acme-tls/1
-
</VirtualHost>
-
- Configure
VirtualHost primary:443
-
<VirtualHost ip:443>
-
SSLEngine on
-
ServerName primary
- Make sure primary is spelled correctly
-
Protocols h2 h2c http/1.1 acme-tls/1
-
</VirtualHost>
- Other configuration settings …
-
My last mistake?
I forgot to add acme-tls/1
to the Protocols
directive.
Aaaaaaah!
It's not that I haven't done check lists before, and they're great at making sure you don't miss a step—I just have to remind myself to do them. But better late than never, as I can use this the next time I have to add a new domain.