I should have made a check list

Yup. I messed up again, just as I was afraid of [1]. Using mod_md [2] isn't that hard, it's just that any mistake you make means you just lost a few days, up to an entire month.

Sigh.

It's a bit late now, but I should have created this check list to help prevent mistakes:

1. [ ] Figure out primary domain name (aka (also known as) primary)
2. [ ] Figure out alias domain name (aka alias)
3. [ ] Configure MDomainSet
3. * 3. * 1. [ ] <MDomainSet primary>
3. * 1. * 3. * 1. * 1. [ ] Make sure primary is spelled correctly

3. * 2. [ ] MDCertificateAgreement accepted
3. * 3. [ ] MDContactEmail sean@coman.org
3. * 4. [ ] MDMemer alias
3. * 4. * 3. * 4. * 1. [ ] Make sure alias is spelled correctly

3. * 5. [ ] MDRequireHttps temporary
3. * 6. [ ] </MDomainSet>

4. [ ] Configure VirtualHost alias:80
4. * 4. * 1. [ ] <VirtualHost ip:80>
4. * 2. [ ] ServerName alias
4. * 2. * 4. * 2. * 1. [ ] Make sure alias is spelled correctly

4. * 3. [ ] Redirect permanent / http://primary
4. * 3. * 4. * 3. * 1. [ ] Make sure primary is spelled correctly

4. * 4. [ ] Protocols h2 h2c http/1.1 acme-tls/1
4. * 5. [ ] </VirtualHost>

5. [ ] Configure VirtualHost primary:80
5. * 5. * 1. [ ] <VirtualHost ip:80>
5. * 2. [ ] ServerName primary
5. * 2. * 5. * 2. * 1. [ ] Make sure primary is spelled correctly

5. * 3. [ ] Protocols h2 h2c http/1.1 acme-tls/1
5. * 4. [ ] </VirtualHost>

6. [ ] Configure VirtualHost alias:443
6. * 6. * 1. [ ] <VirtualHost ip:443>
6. * 2. [ ] SSLEngine on
6. * 3. [ ] ServerName alias
6. * 3. * 6. * 3. * 1. [ ] Make sure alias is spelled correctly

6. * 4. [ ] Redirect permanent / https://primary
6. * 4. * 6. * 4. * 1. [ ] Make sure primary is spelled correctly

6. * 5. [ ] Protocols h2 h2c http/1.1 acme-tls/1
6. * 6. [ ] </VirtualHost>

7. [ ] Configure VirtualHost primary:443
7. * 7. * 1. [ ] <VirtualHost ip:443>
7. * 2. [ ] SSLEngine on
7. * 3. [ ] ServerName primary
7. * 3. * 7. * 3. * 1. [ ] Make sure primary is spelled correctly

7. * 4. [ ] Protocols h2 h2c http/1.1 acme-tls/1
7. * 5. [ ] </VirtualHost>
7. * 6. [ ] Other configuration settings …

My last mistake? I forgot to add acme-tls/1 to the Protocols directive.

Aaaaaaah!

It's not that I haven't done check [3] lists [4] before, and they're great at making sure you don't miss a step—I just have to remind myself to do them. But better late than never, as I can use this the next time I have to add a new domain.

[1] /boston/2022/12/07.2

[2] https://httpd.apache.org/docs/2.4/mod/mod_md.html

[3] /boston/2006/08/24.1

[4] /boston/2015/03/18.1

Gemini Mention this post

Contact the author