OK, I am not an Apache person; mostly use nginx. I need to set up the following in Virtualmin to get rocketchat working. I have looked around the GUI but not sure where I should set what or if I should just edit the directive manually and if so, what do I put where.
<VirtualHost *:80>
ServerAdmin admin@example.com
ServerName subdomain.your-domain.com
ServerAlias www.subdomain.your-domain.com
<Location />
Order allow,deny
Allow from all
ProxyPass http://localhost:3000/
ProxyPassReverse http://localhost:3000/
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin@example.com
ServerName subdomain.your-domain.com
ServerAlias www.subdomain.your-domain.com
<Location />
Order allow,deny
Allow from all
ProxyPass http://localhost:3000/
ProxyPassReverse http://localhost:3000/
</Location>
SSLCertificateFile /etc/letsencrypt/live/subdomain.your-domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subdomain.your-domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/subdomain.your-domain.com/chain.pem
</VirtualHost>
I must not have done it correctly because it ended up bonking the cert for the regular domain. I had applied a separate cert to the sub domain. I removed the sub domain and it bonked webmin; had to edit minserv.conf and remove two lines relating to the sub domain certs before webmin would start.
I deleted and then recreated the sub domain. I then requested a cert from Let’s Encrypt. Once that was in place I simply edited the directive for the ssl website and added only the location block and left everything else as it was. It works. I will see how updating the cert goes when that time comes. I am actually thinking that buying certs is the way to go; this constant renewing from Let’s Encrypt stinks; they could make it at least six months. There are cheaper certs on the market now and not worrying about the certs for a whole year is nice. People run scare when they see that big red warning on their browser window.