Skip to content
This repository has been archived by the owner on Dec 30, 2020. It is now read-only.

Django

Jump to bottom
Trent Richardson edited this page Jul 22, 2018 · 12 revisions

Certificate Authentication

If you have set up your Django application to run at the root of the domain (e.g., Django serves up the pages at http://example.com), then you'll likely have trouble validating your certificate request. Considering your website serves the app "example_com" at the root, we will do the following:

Create the Control Panel Entry

  1. Go into your webfaction control panel -> domains/websites -> websites
  2. Click on your existing django website
  3. Click "Add an application" and Choose "Create a new application"
  4. Name it something like "example_com_letsencrypt". (We're simply appending "_letsencrypt" to help identify which app this goes to.
  5. Choose app category "static" and app type should be "Static/cgi/php-7.2" (the no .htaccess option will likely work as well)
  6. Set the url to ".well-known"
  7. Click Save

Configure LetsEncrypt WebFaction

  1. ssh into your webfaction server
  2. Open ~/letsencrypt_webfaction.toml for editing (assuming here you've already done the install steps of letsencrypt_webfaction. If not do those now.)
  3. Add a new certificate entry and specify the authentication key to be saved to ~/webapps/example_com_letsencrypt (our new app directory)
  4. Run letsencrypt_webfaction run. It may complain that it can't access the file in the new app we created. Thats ok, next step explains and fixes it.
  5. Webfaction will serve it up as http://example.com/.well-known/.well-known/acme-challenge/certificate_key. We need to make sure it can also be served up as http://example.com/.well-known/acme-challenge/certificate_key. To do this we can create a symbolic link by running the following command: ln -s ~/webapps/example_com_letsencrypt/.well-known/acme-challenge ~/webapps/example_com_letsencrypt/acme-challenge
  6. You can run letsencrypt_webfaction run again if you like to verify it is setup correctly. You should now get a better response.

HTTPS redirects

In the below instructions, replace example_com with the domain in question.

  1. In the WebFaction control panel, add a new static application titled something like example_com_redirect_to_https.

  2. Create an .htaccess file at ~/webapps/example_com_redirect_to_https/.htaccess with the following contents:

    RewriteEngine on
RewriteRule !^.well-known($|/) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    This will redirect http traffic to https as per the WebFaction documentation and this StackOverflow post.

  3. In the WebFaction control panel, change your domain and subdomains to HTTPS in the panel to edit the website properties.

  4. In the WebFaction control panel, create a new website for the new static application you created in step #1.

    • Normal website (http)
    • Domains - Add your domain and every subdomain that you would like redirected from http to https.
    • Contents - Add the new application you created in step #1.

  5. Use the command with the static app root dir (--public ~/webapps/example_com_redirect_to_https)

  6. After that an email should be sent to support to install the certificate for the specified domain (and subdomains).

  7. Go to your webfaction console and under Domains/Websites verify the SSL cert has been added on the SSL panel

  8. Associate this with the SSL application you created above. Note that you will need to switch from the shared certificate set in step 3, to the certificate created in step 5 in the security dropdown list for the website.

Alternatives

Alias your apache config to point at a different folder: https://github.com/will-in-wi/letsencrypt-webfaction/issues/85

Clone this wiki locally