We are running a multi-host apache2 environment for several years. Out of a sudden apache no seems to require https.
Some trivial websites are cofigured without certificates on port 80 (and with self signed or let's-encrypt certificates on port 443).
With the recent automatic renewal of a let's-encrypt certificate I got an error message related to problems to retrieve the acme-challenge via http.
It seems to be related to a recent change of the default configuration of apache2 under Debian 4.19.x .
However I did not find any option in apache2 to undo the enforcement for SSL.
Here is my configuration for on of the respective vhost's (the problem exists also for another host):
<VirtualHost *:80 >
ServerName www.antXXX.XX
ServerAlias antXXX.XX *.antXXX.XX
ServerAdmin webmaster@...
DocumentRoot /data/www/htdocsantXXX
ErrorDocument 503 /ausserBetrieb.html
<Directory /data/www/htdocsantXXX>
Options FollowSymLinks MultiViews
<RequireAll>
require all granted
</RequireAll>
RedirectMatch ^/$ /index.html
</Directory>
ErrorLog /var/log/apache2/antXXX/errorantXXX.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug
CustomLog /var/log/apache2/antXXX/accessantXXX.log combined
ServerSignature On
</VirtualHost>
<VirtualHost *:443>
ServerName www.antXXX.XX
ServerAlias antXXX.XX *.antXXX.XX
ServerAdmin webmaster@...
DocumentRoot /data/www/htdocsantXXX
...
</VirtualHost>
I was not able to find the respective option in the basic configuration of apache nor the error document that contains the HTML-Text for "This site is configured to require an SSL (https) connection...".
I know that there is the http-option Upgrade-Insecure-Requests: 1 . However the problem also exists, when retrieving the web document locally with curl -v http://www.antXXX.XX .
How can I undo the https-requirement for the respective vhosts?
Thank you for you support
Wallenstein
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
