SSL Renewals failing - apache proxy bypass?

OS type and version Ubuntu 22.04.3
Virtualmin version 7.8.2
Webmin version 2.101

I’m very new to Virtualmin, managing this as a volunteer for a non-profit. We stood up 6 total virtual servers, mostly running apps, not websites. One of those is the parent virtualmin virtual server.
Recently noticed certificate renewals were not working. Managed to get DNS manual renewal done this morning on the pressing ones. I can’t do the provider’s one via DNS because I don’t own their domain, and I don’t want to leave any of these on a manual DNS process, so I’d like to work through the apache configuration needed to bypass the certbot requests through our https redirects. I don’t seem to be able to find the right search terms online.

Doing a certbot renew dry run right now yields this output.
Processing /etc/letsencrypt/renewal/

Account registered.
Simulating renewal of an existing certificate for

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Type: unauthorized
Detail: Invalid response from Mattermost 500

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

We redirect everything on this particular virtual server to the app port it runs on, so I think we need to bypass the requests specific to certbot. Anyone know the terminology or syntax to do so?

Looks like I would want to prevent any URL that includes this from getting redirected to the app’s port:

You likely have ProxyPass rules in place (rather than a redirect). You need to exclude .well-known from the match. Usually it’s as simple as putting something like this in front of the ProxyPass rule(s).

ProxyPass /.well-known !

Which says anything with a URL starting with /.well-know is excluded from proxying.

If you actually are redirecting (and not proxying), that would be similar, but for Redirect or RedirectMatch directives instead of Proxy directives.

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.