* * * * *
                                        
                        I should have made a check list
                                        
Yup. I messed up again, just as I was afraid of [1]. Using mod_md [2] isn't
that hard, it's just that any mistake you make means you just lost a few
days, up to an entire month.

Sigh.

It's a bit late now, but I should have created this check list to help
prevent mistakes:

  1.  [ ]  Figure out primary domain name (aka (also known as) primary)
  2.  [ ]  Figure out alias domain name (aka alias)
  3.  [ ]  Configure MDomainSet
  3.   1.  [ ]  <MDomainSet primary>
  3.   1.   1.  [ ]  Make sure primary is spelled correctly
          
  3.   2.  [ ]  MDCertificateAgreement accepted
  3.   3.  [ ]  MDContactEmail sean@coman.org
  3.   4.  [ ]  MDMemer alias
  3.   4.   1.  [ ]  Make sure alias is spelled correctly
          
  3.   5.  [ ]  MDRequireHttps temporary
  3.   6.  [ ]  </MDomainSet>
     
  4.  [ ]  Configure VirtualHost alias:80
  4.   1.  [ ]  <VirtualHost ip:80>
  4.   2.  [ ]  ServerName alias
  4.   2.   1.  [ ]  Make sure alias is spelled correctly
          
  4.   3.  [ ]  Redirect permanent / http://primary
  4.   3.   1.  [ ]  Make sure primary is spelled correctly
          
  4.   4.  [ ]  Protocols h2 h2c http/1.1 acme-tls/1
  4.   5.  [ ]  </VirtualHost>
     
  5.  [ ]  Configure VirtualHost primary:80
  5.   1.  [ ]  <VirtualHost ip:80>
  5.   2.  [ ]  ServerName primary
  5.   2.   1.  [ ]  Make sure primary is spelled correctly
          
  5.   3.  [ ]  Protocols h2 h2c http/1.1 acme-tls/1
  5.   4.  [ ]  </VirtualHost>
     
  6.  [ ]  Configure VirtualHost alias:443
  6.   1.  [ ]  <VirtualHost ip:443>
  6.   2.  [ ]  SSLEngine on
  6.   3.  [ ]  ServerName alias
  6.   3.   1.  [ ]  Make sure alias is spelled correctly
          
  6.   4.  [ ]  Redirect permanent / https://primary
  6.   4.   1.  [ ]  Make sure primary is spelled correctly
          
  6.   5.  [ ]  Protocols h2 h2c http/1.1 acme-tls/1
  6.   6.  [ ]  </VirtualHost>
     
  7.  [ ]  Configure VirtualHost primary:443
  7.   1.  [ ]  <VirtualHost ip:443>
  7.   2.  [ ]  SSLEngine on
  7.   3.  [ ]  ServerName primary
  7.   3.   1.  [ ]  Make sure primary is spelled correctly
          
  7.   4.  [ ]  Protocols h2 h2c http/1.1 acme-tls/1
  7.   5.  [ ]  </VirtualHost>
  7.   6.  [ ]  Other configuration settings …
     

My last mistake? I forgot to add acme-tls/1 to the Protocols directive.

Aaaaaaah!

It's not that I haven't done check [3] lists [4] before, and they're great at
making sure you don't miss a step—I just have to remind myself to do them.
But better late than never, as I can use this the next time I have to add a
new domain.

[1] gopher://gopher.conman.org/0Phlog:2022/12/07.2
[2] https://httpd.apache.org/docs/2.4/mod/mod_md.html
[3] gopher://gopher.conman.org/0Phlog:2006/08/24.1
[4] gopher://gopher.conman.org/0Phlog:2015/03/18.1

Email Sean Conner at sean@conman.org

.