Mailing List Archive

how to enable SSL for a handler
Hello

When I run certbot --apache for a modperl handler service, it doesn't work.
So how can I set up Let's Encrypt SSL for a pure handler web API?

Thanks
Re: how to enable SSL for a handler [ In reply to ]
You don't enable SSL for an endpoint; you do it for a host/port combination.
All endpoints under that virtual host are SSL enabled.

On Sat, Jul 2, 2022, 9:01 PM Yong Walt <yongwalt@gmail.com> wrote:

> Hello
>
> When I run certbot --apache for modperl handler service, it doesn't work.
> So how can I setup letsencrypt SSL for a pure handler web API?
>
> Thanks
>
Re: how to enable SSL for a handler [ In reply to ]
But that vhost has a modperl handler as the endpoint only.

On Sun, Jul 3, 2022 at 12:19 PM Mithun Bhattacharya <mithnb@gmail.com>
wrote:

> You don't enable SSL for a endpoint you do it for a host/port combination.
> All endpoints under that virtual host is SSL enabled.
Re: how to enable SSL for a handler [ In reply to ]
You do not even need to have a VirtualHost with SSL enabled for certbot
to work.
You can have a simple VirtualHost responding on the regular port 80, then
get the SSL certificate, then add the VirtualHost for SSL and all your
modperl specifications to it. Something like the following, and once you
have got the certificate, you uncomment the 2nd part.

----
<Virtualhost *:80>
    ServerName api.example.org:80
    ServerAdmin www@example.org
    DocumentRoot /var/www/api.example.org
    DirectoryIndex "index.html" "index.pl" "index.php"
    CustomLog "/var/log/apache2/api.example.org-access.log" combined
    ErrorLog "/var/log/apache2/api.example.org-error.log"
    LogLevel warn
    <Directory "/var/www/api.example.org">
        Options All +MultiViews -ExecCGI -Indexes -Includes
        AllowOverride All
    </Directory>
    ScriptAlias     "/cgi-bin/" "/var/www/api.example.org/cgi-bin/"
    <IfModule mod_alias.c>
        Alias "/icons/" "/var/www/icons/"
    </IfModule>
    <IfModule mod_ssl.c>
        RewriteEngine on
        RewriteRule ^\/?(.*)$ https://%{SERVER_NAME}/$1 [R,L]
    </IfModule>
</VirtualHost>

# <IfModule mod_ssl.c>
#     <VirtualHost *:443>
#         ServerName api.example.org:443
#         ServerAdmin www@example.org
#         DocumentRoot /var/www/api.example.org
#         DirectoryIndex "index.html" "index.php"
#         CustomLog "/var/log/apache2/api.example.org-access.log" combined
#         ErrorLog "/var/log/apache2/api.example.org-error.log"
#         LogLevel warn
#         <Directory "/var/www/api.example.org">
#             RewriteEngine Off
#             Options All +MultiViews -ExecCGI -Indexes -Includes
#             AllowOverride All
#         </Directory>
#         ScriptAlias "/cgi-bin/" "/var/www/api.example.org/cgi-bin/"
#         <Directory "/var/www/api.example.org/cgi-bin/">
#             RewriteEngine Off
#             Options All +Includes +ExecCGI -Indexes +MultiViews
#             AllowOverride All
#             SetHandler cgi-script
#             AcceptPathInfo On
#             Require all granted
#         </Directory>
#         <IfModule mod_perl.c>
#             PerlOptions        +GlobalRequest
#             PerlPassEnv        MOD_PERL
#             PerlPassEnv        HOME
#             PerlPassEnv        SERVER_NAME
#             PerlPassEnv        HTTP_HOST
#             PerlPassEnv        REMOTE_ADDR
#             PerlPassEnv        REMOTE_HOST
#             PerlPassEnv        PATH_INFO
#             PerlPassEnv        LC_MESSAGES
#             PerlPassEnv        LANGUAGE
#             PerlModule        Apache2::Request
#             PerlModule        Apache2::Status
#             PerlModule        Apache::DBI
#             <Location />
#                 SetHandler        modperl
#                 PerlHandler        Apache::Registry
#                 PerlSendHeader      On
#                 PerlSetupEnv        On
#                 PerlOptions        +GlobalRequest
#                 Options            +Includes +ExecCGI
#                 Order allow,deny
#                 Allow from all
#             </Location>
#         </IfModule>
#
#         SSLCertificateFile /etc/ssl/private/api.example.org/cert.pem
#         SSLCertificateKeyFile /etc/ssl/private/api.example.org/privkey.pem
#         Include /etc/ssl/options-ssl-apache.conf
#
#         <IfModule mod_alias.c>
#             Alias "/icons/" "/var/www/icons/"
#         </IfModule>
#     </Virtualhost>
# </IfModule>
----


On 2022/07/03 19:00, Yong Walt wrote:
> but that vhost has a modperl handler as the endpoint only.
Re: how to enable SSL for a handler [ In reply to ]
This is my httpd.conf.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName luck.cloudcache.net

    PerlPostConfigRequire /etc/apache2/modperl/startup.pl

    <Location />
        SetHandler modperl
        PerlResponseHandler LuckyNum
    </Location>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/luck.access.log combined
</VirtualHost>

How do you think I can set up the SSL?

I asked it just b/c "certbot --apache" doesn't work for this handler.

Thanks.

On Sun, Jul 3, 2022 at 6:24 PM Jacques Deguest <jack@deguest.jp> wrote:

> You do not even need to have a virtualhost with ssl enabled for certbot to
> work.
> You can have a simple VirtualHost responding to regular 80 port, then get
> the ssl certificate, then add the VirtualHost for SSL and all your modperl
> specifications to it. Something like the following, and once you got the
> certificate, you uncomment the 2nd part.
Re: how to enable SSL for a handler [ In reply to ]
Sure, comment out all the perl stuff that is not required for certbot
to work, and run something like:
certbot certonly --rsa-key-size 4096 --agree-tos --email yongwalt@gmail.com -d luck.cloudcache.net
Get the cert, and then afterwards uncomment what you previously commented
out. It should work.

Regards,
Jacques

On 2022/07/03 19:29, Yong Walt wrote:
> This is my httpd.conf.
>
> <VirtualHost *:80>
>     ServerAdmin webmaster@localhost
>     ServerName luck.cloudcache.net
>
>     PerlPostConfigRequire /etc/apache2/modperl/startup.pl
>
>     <Location />
>         SetHandler modperl
>         PerlResponseHandler LuckyNum
>     </Location>
>
>     ErrorLog ${APACHE_LOG_DIR}/error.log
>     LogLevel warn
>     CustomLog ${APACHE_LOG_DIR}/luck.access.log combined
> </VirtualHost>
>
> How do you think I can set up the SSL?
>
> I asked it just b/c "certbot --apache" doesn't work for this handler.
>
> Thanks.
Re: how to enable SSL for a handler [ In reply to ]
Re,
You're probably going to need a DocRoot directive somewhere though.
You might want to check the sanity of your configuration with the Apache
command-line -t flag.

On 2022/07/03 19:32, Jacques Deguest wrote:
> Sure, comment out all the perl stuff that are not required for certbot
> to work, run something like:
> certbot certonly --rsa-key-size 4096 --agree-tos --email
> yongwalt@gmail.com -d luck.cloudcache.net
> Get the cert, and then after uncomment what you previously commented
> out. It should work.
>
> Regards,
> Jacques
Re: how to enable SSL for a handler [ In reply to ]
Thank you Jack.
The problem I have is that I don't have a DocRoot IMO.
I will check this configuration.

Regards.


On Sun, Jul 3, 2022 at 7:53 PM Jacques Deguest <jack@deguest.jp> wrote:

> Re,
> You're probably going to need a DocRoot directive somewhere though.
> You might want to check the sanity of your configuration with Apache
> command line -t flag
Re: how to enable SSL for a handler [ In reply to ]
I see, but you need to make one up, just for certbot, because it will
store some temporary file there under the ".well-known" directory to
ensure you are who you pretend to be.

On 2022/07/04 11:29, Yong Walt wrote:
> Thank you Jack.
> The problem I have is that I don't have a DocRoot IMO.
> I will check this configuration.
>
> Regards.
>
Re: how to enable SSL for a handler [ In reply to ]
I might add that certbot is insecure from the ground up because it
requires you to leave privileged areas of your system exposed.

It is a good idea that is poorly thought out and poorly executed.


On Sat, Jul 02, 2022 at 09:18:47PM -0700, Mithun Bhattacharya wrote:
> You don't enable SSL for a endpoint you do it for a host/port combination.
> All endpoints under that virtual host is SSL enabled.
>
> On Sat, Jul 2, 2022, 9:01 PM Yong Walt <yongwalt@gmail.com> wrote:
>
> > Hello
> >
> > When I run certbot --apache for modperl handler service, it doesn't work.
> > So how can I setup letsencrypt SSL for a pure handler web API?
> >
> > Thanks
> >

--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com

Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
Re: how to enable SSL for a handler [ In reply to ]
On Sun, Jul 03, 2022 at 08:52:51PM +0900, Jacques Deguest wrote:
> Re,
> You're probably going to need a DocRoot directive somewhere though.
> You might want to check the sanity of your configuration with Apache
> command line -t flag
>


???????

> On 2022/07/03 19:32, Jacques Deguest wrote:
> >Sure, comment out all the perl stuff that are not required for
> >certbot to work, run something like:
> >certbot certonly --rsa-key-size 4096 --agree-tos --email
> >yongwalt@gmail.com -d luck.cloudcache.net
> >Get the cert, and then after uncomment what you previously
> >commented out. It should work.
> >
> >Regards,
> >Jacques
> >
> >On 2022/07/03 19:29, Yong Walt wrote:
> >>This is my httpd.conf.
> >>
> >><VirtualHost *:80>
> >>
> >>ServerAdmin webmaster@localhost
> >>
> >>ServerName luck.cloudcache.net
> >>
> >>PerlPostConfigRequire /etc/apache2/modperl/startup.pl
> >>
> >>
> >><Location />
> >>
> >>SetHandler modperl
> >>
> >>PerlResponseHandler LuckyNum
> >>
> >></Location>
> >>
> >>
> >>
> >>ErrorLog ${APACHE_LOG_DIR}/error.log
> >>
> >>LogLevel warn
> >>
> >>CustomLog ${APACHE_LOG_DIR}/luck.access.log combined
> >>
> >>
> >></VirtualHost>
> >>
> >>
> >>
> >>How do you think I can set up the SSL?
> >>
> >>
> >>I asked it just b/c "certbot --apache" doesn't work for this handler.
> >>
> >>
> >>Thanks.
> >>
> >>
> >>On Sun, Jul 3, 2022 at 6:24 PM Jacques Deguest <jack@deguest.jp> wrote:
> >>
> >> You do not even need to have a virtualhost with ssl enabled for
> >> certbot to work.
> >> You can have a simple VirtualHost responding to regular 80 port,
> >> then get the ssl certificate, then add the VirtualHost for SSL
> >> and all your modperl specifications to it. Something like the
> >> following, and once you got the certificate, you uncomment the
> >> 2nd part.
> >>
> >> ----
> >> <Virtualhost *:80>
> >>     ServerName api.example.org:80
> >>     ServerAdmin www@example.org
> >>     DocumentRoot /var/www/api.example.org
> >>     DirectoryIndex "index.html" "index.pl" "index.php"
> >>     CustomLog "/var/log/apache2/api.example.org-access.log" combined
> >>     ErrorLog "/var/log/apache2/api.example.org-error.log"
> >>     LogLevel warn
> >>     <Directory "/var/www/api.example.org">
> >>         Options All +MultiViews -ExecCGI -Indexes -Includes
> >>         AllowOverride All
> >>     </Directory>
> >>     ScriptAlias     "/cgi-bin/" "/var/www/api.example.org/cgi-bin/"
> >>     <IfModule mod_alias.c>
> >>         Alias "/icons/" "/var/www/icons/"
> >>     </IfModule>
> >>     <IfModule mod_ssl.c>
> >>         RewriteEngine on
> >>         RewriteRule ^\/?(.*)$ https://%{SERVER_NAME}/$1 [R,L]
> >>     </IfModule>
> >> </VirtualHost>
> >>
> >> # <IfModule mod_ssl.c>
> >> #     <VirtualHost *:443>
> >> #         ServerName api.example.org:443
> >> #         ServerAdmin www@example.org
> >> #         DocumentRoot /var/www/api.example.org
> >> #         DirectoryIndex "index.html" "index.php"
> >> #         CustomLog "/var/log/apache2/api.example.org-access.log" combined
> >> #         ErrorLog "/var/log/apache2/api.example.org-error.log"
> >> #         LogLevel warn
> >> #         <Directory "/var/www/api.example.org">
> >> #         RewriteEngine Off
> >> #             Options All +MultiViews -ExecCGI -Indexes -Includes
> >> #             AllowOverride All
> >> #         </Directory>
> >> #         ScriptAlias "/cgi-bin/" "/var/www/api.example.org/cgi-bin/"
> >> #         <Directory "/var/www/api.example.org/cgi-bin/">
> >> #             RewriteEngine Off
> >> #             Options All +Includes +ExecCGI -Indexes +MultiViews
> >> #             AllowOverride All
> >> #             SetHandler cgi-script
> >> #             AcceptPathInfo On
> >> #             Require all granted
> >> #         </Directory>
> >> #         <IfModule mod_perl.c>
> >> #             PerlOptions        +GlobalRequest
> >> #             PerlPassEnv        MOD_PERL
> >> #             PerlPassEnv        HOME
> >> #             PerlPassEnv        SERVER_NAME
> >> #             PerlPassEnv        HTTP_HOST
> >> #             PerlPassEnv        REMOTE_ADDR
> >> #             PerlPassEnv        REMOTE_HOST
> >> #             PerlPassEnv        PATH_INFO
> >> #             PerlPassEnv        LC_MESSAGES
> >> #             PerlPassEnv        LANGUAGE
> >> #             PerlModule        Apache2::Request
> >> #             PerlModule        Apache2::Status
> >> #             PerlModule        Apache::DBI
> >> #             <Location />
> >> #                 SetHandler        modperl
> >> #                 PerlHandler        Apache::Registry
> >> #                 PerlSendHeader      On
> >> #                 PerlSetupEnv        On
> >> #                 PerlOptions        +GlobalRequest
> >> #                 Options            +Includes +ExecCGI
> >> #                 Order allow,deny
> >> #                 Allow from all
> >> #             </Location>
> >> #         </IfModule>
> >> #
> >> #         SSLCertificateFile /etc/ssl/private/api.example.org/cert.pem
> >> #         SSLCertificateKeyFile /etc/ssl/private/api.example.org/privkey.pem
> >> #         Include /etc/ssl/options-ssl-apache.conf
> >> #
> >> #         <IfModule mod_alias.c>
> >> #             Alias "/icons/" "/var/www/icons/"
> >> #         </IfModule>
> >> #     </Virtualhost>
> >> # </IfModule>
> >> ----
> >>
> >>
> >> On 2022/07/03 19:00, Yong Walt wrote:
> >>> but that vhost has a modperl handler as the endpoint only.
> >>>
> >>> On Sun, Jul 3, 2022 at 12:19 PM Mithun Bhattacharya
> >>> <mithnb@gmail.com> wrote:
> >>>
> >>> You don't enable SSL for a endpoint you do it for a
> >>> host/port combination. All endpoints under that virtual host
> >>> is SSL enabled.
> >>>
> >>> On Sat, Jul 2, 2022, 9:01 PM Yong Walt <yongwalt@gmail.com>
> >>> wrote:
> >>>
> >>> Hello
> >>>
> >>> When I run certbot --apache for modperl handler service,
> >>> it doesn't work.
> >>> So how can I setup letsencrypt SSL for a pure handler
> >>> web API?
> >>>
> >>> Thanks
> >>>
> >>
> >
>

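
The two-step procedure quoted in this thread, applied to the luck.cloudcache.net vhost from the question. This is an added example, not part of any poster's message; the DocumentRoot path and the certificate paths (certbot's default /etc/letsencrypt/live/ layout) are assumptions, so adjust them to where the files actually are.

```apache
# Step 1: plain port-80 vhost with the mod_perl directives left out,
# used while the certificate is requested.
<VirtualHost *:80>
    ServerName luck.cloudcache.net
    ServerAdmin webmaster@localhost
    # Assumed path: the question's vhost had no DocumentRoot at all.
    DocumentRoot /var/www/luck.cloudcache.net
    <Directory "/var/www/luck.cloudcache.net">
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/luck.access.log combined
</VirtualHost>

# Step 2: add this once the certificate exists. TLS is configured for
# the whole host/port, so the handler under <Location /> is covered
# without any SSL-specific change to the handler itself.
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName luck.cloudcache.net
        ServerAdmin webmaster@localhost
        PerlPostConfigRequire /etc/apache2/modperl/startup.pl

        SSLEngine on
        # Assumed paths (certbot default layout).
        SSLCertificateFile    /etc/letsencrypt/live/luck.cloudcache.net/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/luck.cloudcache.net/privkey.pem

        <Location />
            SetHandler modperl
            PerlResponseHandler LuckyNum
        </Location>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/luck.access.log combined
    </VirtualHost>
</IfModule>
```

Run `apachectl -t` after each step to check the syntax before reloading Apache.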