Redirecting HTTPS with Let’s Encrypt and Apache

The free TLS certificate provider Let’s Encrypt automates the request-and-setup process using the ACME protocol to verify domain ownership. Software on your server creates a file in a known location, based on your request. The certificate authority checks that location, and if it finds a match to your request, it will grant the certificate. (You can also validate it using a DNS record, but not all implementations provide that. DreamHost, for instance, only uses the file-on-your-server method.)

That makes it really simple for a site that you want to run over HTTPS.

Redirected sites are trickier. If you redirect all traffic from Site A to Site B, Let’s Encrypt won’t find A’s keys on B, so it won’t issue (or renew!) the cert. You need to make an exception for that path.

On the Let’s Encrypt forums, jmorahan suggests this for Apache:

RedirectMatch 301 ^(?!/\.well-known/acme-challenge/).*$0

That didn’t quite work for me since I wanted a bit more customization. So I used mod_rewrite instead. My rules are a little more complicated (see below), but the relevant part boils down to this:

RewriteEngine On
RewriteBase /

# Redirect all hits except for Let's Encrypt's ACME Challenge verification to
RewriteCond %{REQUEST_URI} !^.well-known/acme-challenge
RewriteRule ^(.*)$1 [R=301,L]

These rules can go in your server config file if you run your own server, or the .htaccess for the domain if you don’t.

Continue reading

Wandering WonderCon in 2016

Last year’s WonderCon went well enough that when our five-year-old said he wanted to go both days this year, we figured sure, let’s do it! Famous last words…

(TL;DR: full photo album)

We had another thing going on Saturday morning, so we got in around noon and went to get lunch as soon as we had our badges. Then we stood in line at the food trucks for over an hour. By the time we made it into the convention proper, it was almost 2:30pm. On Sunday, we brought sandwiches with us, though we did wait in line for cotton candy shaped like Baymax’s head (cotton candy being the exception to the rule about not eating things bigger than your own head).

Baymax Cotton Candy

Unfortunately things didn’t work out as well as last year, kid-wise. He’s old enough to find cool things to do at a con — meet the Ninja Turtles, check out toys, play retro video games, stuff like that — but hasn’t quite mastered the art of “let someone else have a turn” or “let’s start walking so we can get to this other thing before the room fills up.” The first day of a con is overwhelming for anyone, and that goes double for kids (and parents). Saturday was so exhausting that we left early and I dropped into bed fully dressed.

Crowds, Cosplay & Events

As many people as there were, I never felt crowded. We didn’t have any problems with the RFID badges either. They had a new system where you had to tap your badge on a scanner to enter or leave the main hall, or one of the areas where events were being held. Our badges scanned just fine. J. insisted on tapping his as well, and was disappointed that the scanner didn’t respond. (He really likes the idea of having his own ticket to things, even when children get in free.)

Continue reading

Spring! Sundogs! Silhouettes!

Spring Sundogs and Silhouettes (Enhanced)

After an afternoon of ice skating, I talked the family into making a quick trip up to Del Cerro Park in Palos Verdes. It takes a while to get there from home, but since we were already up in the hills for the ice rink, it was about five minutes. My original plan was just to walk out there myself, spend five minutes enjoying the view and taking pictures, then head back, but the five-year-old wanted to come along rather than wait in the car with mom.

Of course kids have their own pace, and while he wasn’t terribly interested in looking out at the ocean from a hilltop a few thousand feet up, he was fascinated by a lot of the other things along the way, which was how we ended up getting close to the hilltop at the right time for this view of the sky, sundogs, cirrus clouds, criss-crossing contrails, and silhouetted trees.

To be honest, he wasn’t terribly interested in that view either. At five, checking out foxtails and giant clover and gopher holes and fragments of concrete slabs (in a suspiciously flat and rectangular depression) and looking for the entrance to an incredibly long stairway and climbing and balancing on logs and looking for “the actual park part of the park” (i.e. the playground) are more appealing, and I barely had a chance for this moment to register.

Down to the Sea

We did eventually make it up to the top of the hill and the viewpoint. The ocean was covered in haze, completely blocking the view of Catalina Island and any chance of watching the patterns made by ocean currents and waves far below. That was fine. It wasn’t the highlight for either of us.