Hi, my first post here. I'm new to Apache. Tried to learn as much as I can on my own, but have hit a brick wall.

PayID is a new universal payment protocol just released - more details at payid dot org. The objective is to enable sending of a variety of payments using just one human-readable address, of the form user$example.com.

I don't want to run a full PayID server, just serve my own domain, which I set up on an AWS EC2 AMI Linux 2 t2.micro instance. Installed Apache 2.4 and ran Certbot to get SSL certificates for example.com and www.example.com. It happily serves my index.html page in a browser over the internet. SSL Labs gives both versions of the domain an A+. TLS 1.2 is the only HTTPS protocol accepted by my site. I also installed Node.js (latest stable version) and NVM.

I tried to follow Matt Hamilton's example: https://dev.to/hammertoe/static-serving-payid-address-1eac

Edited httpd.conf along the lines he shows (only showing the non-standard sections here):

Code (ApacheConf):

    <VirtualHost InstancePublicIP:80>
        DocumentRoot "/var/www/html/example.com"
        ServerName "example.com"
        ServerAlias "www.example.com"
        RewriteCond %{SERVER_NAME} =example.com [OR]
        RewriteCond %{SERVER_NAME} =www.example.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>

    <VirtualHost InstancePublicIP:443>
        DocumentRoot "/var/www/html/example.com"
        ServerName example.com
        ServerAlias www.example.com
        Header always set Strict-Transport-Security "max-age=63072000; preload"
        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
        SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-$
        SSLHonorCipherOrder off
        SSLSessionTickets off
        SSLCertificateFile "/etc/letsencrypt/live/example.com/fullchain.pem"
        SSLCertificateKeyFile "/etc/letsencrypt/live/example.com/privkey.pem"
        ErrorDocument 404 /404.html

        # PayID
        RewriteEngine On
        RewriteCond "%{HTTP_ACCEPT}" "application/xrpl-mainnet\+json"
        RewriteRule ^(.+) /.pay/$1.json [L]
    </VirtualHost>

And in /var/www/html/example.com/.pay I have a file payme.json:

Code (JavaScript):

    {
      "addresses": [
        {
          "paymentNetwork": "XRPL",
          "environment": "MAINNET",
          "addressDetailsType": "CryptoAddressDetails",
          "addressDetails": {
            "address": "rVcktW*********************************"
          }
        }
      ],
      "payId": "payme$example.com"
    }

Permissions are set to 755 for the .pay folder and 644 for the json file.

The HTTP to HTTPS rewrite seems to work. PayID mandates use of HTTPS, so it shouldn't be trying to access port 80 anyway.

The problem is that Xumm, an app that is happy to send XRP to PayID addresses, will not recognise my payme$example.com address, whereas it recognises Matt's address and others. I also tried on a crypto exchange that uses PayID - still no joy, so it's not the Xumm app at fault.

There is a PayID validator site: https://payidvalidator.com/

Entering my address yields the following result:

Code (markup):

    Validation Results
    Score: 0%

    HTTP Status Code
      Value:   404
      Result:  Fail
      Message: -

    Header Check / Access-Control-Allow-Origin
      Value:
      Result:  Fail
      Message: The header could not be located in the response.

    Header Check / Access-Control-Allow-Methods
      Value:
      Result:  Fail
      Message: The header could not be located in the response.

    Header Check / Access-Control-Allow-Headers
      Value:
      Result:  Fail
      Message: The header could not be located in the response.

    Header Check / Access-Control-Expose-Headers
      Value:
      Result:  Fail
      Message: The header could not be located in the response.

It's a pretty comprehensive disaster! I must be doing something very wrong. Any help appreciated!
Success!! I solved the problem by moving from AWS to GCP. Google Cloud enables TLSv1.3 whereas AWS is only on v1.2. It may also be necessary to enable HTTP2, but not sure about that.
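
The checks listed in the validator output in the first post can be reproduced locally. The sketch below is an added example, not code from the thread or from the validator site. It assumes that `user$example.com` maps to `https://example.com/user` (as the post's rewrite rule implies), that only status 200 passes, and that the body's `payId` should equal the address queried; all function names are hypothetical.

```python
import json
import urllib.error
import urllib.request

# Header names copied from the validator output in the post.
CORS_HEADERS = ("Access-Control-Allow-Origin", "Access-Control-Allow-Methods",
                "Access-Control-Allow-Headers", "Access-Control-Expose-Headers")
ACCEPT = "application/xrpl-mainnet+json"  # type the post's RewriteCond matches


def payid_to_url(payid):
    """user$example.com -> https://example.com/user (assumed from the rewrite rule)."""
    user, sep, host = payid.rpartition("$")
    if not (sep and user and host):
        raise ValueError("not a PayID: %r" % payid)
    return "https://%s/%s" % (host, user)


def check_response(payid, status, headers, body):
    """Return the failed checks; an empty list means the response passed."""
    failures = []
    if status != 200:  # assumption: only 200 counts as a pass
        failures.append("HTTP status %d" % status)
    present = {name.lower() for name in headers}
    failures += ["missing " + h for h in CORS_HEADERS if h.lower() not in present]
    try:
        doc = json.loads(body)
    except ValueError:
        return failures + ["body is not JSON"]
    if not isinstance(doc, dict) or doc.get("payId") != payid:
        failures.append("payId field does not match")
    return failures


def fetch_and_check(payid, timeout=10):
    """Live check against the server (needs network access)."""
    req = urllib.request.Request(payid_to_url(payid), headers={"Accept": ACCEPT})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return check_response(payid, resp.status, dict(resp.headers), resp.read())
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry headers and a body
        return check_response(payid, err.code, dict(err.headers), err.read())


if __name__ == "__main__":
    # Constructed response resembling the failure in the post: 404, no CORS headers.
    for line in check_response("payme$example.com", 404, {}, b"<html>Not Found</html>"):
        print("FAIL:", line)
```

Running `fetch_and_check` after each configuration change shows whether the 404 or the missing CORS headers is still the failing check, without depending on the external validator.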