[ndbug] R.I.P. http, hello https

N.J. Thomas njt at ayvali.org
Wed Aug 9 14:51:54 PDT 2017

hi all,

Just as an fyi, I converted the site and the Mailman subscription page
to https (thank you LetsEncrypt!) right now.

I probably should have done this earlier, but better late than never.

I added Apache redirects for everything, so you shouldn't see any
difference at all (if you go to any http page, it will redirect you to

FWIW, if anyone cares, the Apache setup was straightforward. I made sure
Apache was listening on 443 in addition to 80:

    Listen 443

I turned on the SSL module, by uncommenting this line:

    LoadModule ssl_module libexec/apache24/mod_ssl.so

I converted my port 80 VirtualHost entries into port 443 VirtualHost entries
and added these lines to the stanza:

    SSLEngine on
    SSLCertificateFile      /usr/local/etc/apache24/Includes/certs/example.org/cert.pem
    SSLCertificateKeyFile   /usr/local/etc/apache24/Includes/certs/example.org/privkey.pem
    SSLCertificateChainFile /usr/local/etc/apache24/Includes/certs/example.org/chain.pem

(/usr/local/etc/apache24/Includes/certs/example.org is just a symlink to

And then I updated all references to http (I had some redirects that
converted www.ndbug.in to ndbug.in) to https.

I turned my port 80 VirtualHost entries into small redirects:

    <VirtualHost *:80>
        ServerName "example.org"
        ServerAlias  "www.example.org"
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule /(.*) https://example.org/$1 [R,L]

Mailman required some more voodoo. I needed to add the following to

    DEFAULT_URL_PATTERN = 'https://%s/mailman/'

And then for every list, I needed to run:

    /usr/local/mailman/bin/withlist -l -r fix_url [listname] -u [list_domain]

I used certbot to get the LetsEncrypt certs (I know there are other,
better, clients out there, I just used this one because it was in

Let me know if you see any weirdness:



More information about the talk mailing list