All the virtual hosts in the netbeans-vm use the "mod_md" system to generate Let's Encrypt Certificates.

Here are some tips (learned the hard way by both the NetBeans and the Infra teams) on how to correctly set up the SSL certificates for a virtual host (this is done in https://github.com/apache/infrastructure-p6/blob/production/data/nodes/netbeans-vm1.apache.org.yaml).

  1. The domain whose Let's Encrypt Certificate is to be set must be included in the "MDomain" line in the "apache::custom_config:" section.
  2. Each virtual host should have a different "docroot". Otherwise the ACME system will overwrite the ".well-known/acme-challenge" directory used to regenerate the certificates.
  3. Secured virtual hosts should run on port 443, as usual.
  4. Secured virtual hosts MUST have the following parameters:

    ssl: false
    ssl_proxyengine: true

    Note that "ssl" must be set to "false" (this is not a typo).

  5. Secured virtual hosts MUST have the following extra custom part:

    custom_fragment: |
      SSLEngine On
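
The five rules above can be checked mechanically before a change to the node file is committed. The following is an added example, not code from the NetBeans or Infra repositories: the dict layout, the `lint_vhosts` name and the `example.org` hosts are assumptions made for illustration, and it treats any virtual host on port 443 as "secured".

```python
import re

# Constructed sample input; the dict layout and host names are assumptions.
SAMPLE_MDOMAIN = "MDomain site.example.org"
SAMPLE_VHOSTS = {
    "good": {"servername": "site.example.org", "port": 443,
             "docroot": "/var/www/site", "ssl": False,
             "ssl_proxyengine": True, "custom_fragment": "SSLEngine On\n"},
    "bad": {"servername": "other.example.org", "port": 443,
            "docroot": "/var/www/site/", "ssl": True,
            "ssl_proxyengine": True, "custom_fragment": ""},
}

def lint_vhosts(mdomain_line, vhosts):
    """Return the list of violations of the five rules above."""
    problems = []
    managed = set(mdomain_line.split()[1:])  # names after "MDomain"
    docroot_owner = {}
    for name, vh in vhosts.items():
        # Rule 2: each vhost needs its own docroot (ACME challenge directory).
        docroot = vh.get("docroot", "").rstrip("/")
        if docroot in docroot_owner:
            problems.append(f"{name}: docroot shared with {docroot_owner[docroot]}")
        else:
            docroot_owner[docroot] = name
        if vh.get("port") != 443:
            continue  # rule 3: this example treats port 443 as "secured"
        # Rule 1: the domain must be listed in MDomain.
        if vh.get("servername") not in managed:
            problems.append(f"{name}: {vh.get('servername')} missing from MDomain")
        # Rule 4: ssl false, ssl_proxyengine true.
        if vh.get("ssl") is not False:
            problems.append(f"{name}: ssl must be false")
        if vh.get("ssl_proxyengine") is not True:
            problems.append(f"{name}: ssl_proxyengine must be true")
        # Rule 5: custom_fragment must turn the SSL engine on.
        if not re.search(r"^\s*SSLEngine\s+On\s*$",
                         vh.get("custom_fragment", ""), re.I | re.M):
            problems.append(f"{name}: custom_fragment lacks 'SSLEngine On'")
    return problems

if __name__ == "__main__":
    for line in lint_vhosts(SAMPLE_MDOMAIN, SAMPLE_VHOSTS):
        print(line)
```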

