The free TLS certificate provider Let’s Encrypt automates the request-and-setup process using the ACME protocol to verify domain ownership. Software on your server creates a file in a known location, based on your request. The certificate authority checks that location, and if it finds a match to your request, it will grant the certificate. (You can also validate it using a DNS record, but not all implementations provide that. DreamHost, for instance, only uses the file-on-your-server method.)

That makes it really simple for a site that you want to run over HTTPS.

Redirected sites are trickier. If you redirect all traffic from Site A to Site B, Let’s Encrypt won’t find A’s keys on B, so it won’t issue (or renew!) the cert. You need to make an exception for that path.

On the Let’s Encrypt forums, jmorahan suggests this for Apache:


RedirectMatch 301 ^(?!/\.well-known/acme-challenge/).* https://example.com$0

That didn’t quite work for me since I wanted a bit more customization. So I used mod_rewrite instead. My rules are a little more complicated (see below), but the relevant part boils down to this:


RewriteEngine On
RewriteBase /

# Redirect all hits except for Let's Encrypt's ACME Challenge verification to example.com
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^(.*) https://example.com/$1 [R=301,L]

These rules can go in your server config file if you run your own server, or the .htaccess for the domain if you don’t.
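A quick offline check of the exemption, as an added example that is not from the original post: it models the RewriteCond/RewriteRule pair in .htaccess context with Python's `re` module (assumed equivalent to Apache's PCRE for these simple patterns). The request URIs and the weak pattern variant are constructed for illustration.

```python
import re

TARGET = "https://example.com"  # redirect target used in the rules above

# REQUEST_URI always starts with "/", so the exemption is anchored on it,
# the dot is escaped, and the trailing slash pins the directory name.
EXEMPT_STRICT = r"^/\.well-known/acme-challenge/"
# Constructed weak variant: no leading slash, unescaped dot.
EXEMPT_NO_SLASH = r"^.well-known/acme-challenge"

# Constructed request URIs (path only; REQUEST_URI has no query string).
SAMPLE_URIS = [
    "/.well-known/acme-challenge/tokenABC123",  # real HTTP-01 challenge path
    "/",
    "/blog/post",
    "/.well-known/security.txt",                # other .well-known content
    "/.well-known/acme-challenge-old/file",     # look-alike directory
    "/well-known/acme-challenge/x",             # missing dot
]

def route(request_uri, exempt_pattern):
    """Model 'RewriteCond %{REQUEST_URI} !pattern' followed by
    'RewriteRule ^(.*) TARGET/$1 [R=301,L]' in per-directory context."""
    if re.search(exempt_pattern, request_uri):
        return ("serve", request_uri)           # condition fails, no redirect
    # In .htaccess the leading slash is stripped before RewriteRule matches.
    return ("redirect", f"{TARGET}/{request_uri[1:]}")

def audit(exempt_pattern):
    """Return {uri: (action, location)} for every sample URI."""
    return {uri: route(uri, exempt_pattern) for uri in SAMPLE_URIS}

if __name__ == "__main__":
    for name, pat in [("strict", EXEMPT_STRICT), ("no-slash", EXEMPT_NO_SLASH)]:
        print(f"--- {name}: {pat}")
        for uri, (action, loc) in audit(pat).items():
            print(f"{action:8} {uri} -> {loc}")
```

With the weak variant the challenge path is redirected like everything else, which is exactly the case where issuance or renewal on the redirected site fails.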


Last summer I saw the 25th Anniversary production of Les Misérables on stage. I started reviewing it, but never finished. Now that I’ve seen the movie, I figured it was time to rescue this from the draft folder before writing my thoughts on the film.

For the 25th anniversary of the show, the staging has been completely redone (in part to get rid of the rotating stage). The songs have been adjusted again, and long-standing direction, costume design and characterization have been allowed to change.

Overall I like the new staging. It’s not a stripped-down production at all – in fact, most of the sets are more elaborate than the original, which basically relied on the rotating floor, lighting, two jumbles of boxes, and a bridge. Fortunately they didn’t go overboard: they let the songs carry the show, which leads to an interesting mix of elaborate sets for ensemble numbers and empty stages for the solos.


We saw Cirque du Soleil’s resident Los Angeles show last weekend. Cirque is always impressive, and IRIS has the usual collection of trapeze artists, contortionists, tumblers, ribbon flyers, and elaborate costumes you’d expect from one of their shows. This one stands out for several reasons:

  1. I like the history of movies, so all the thematic references to early cinema and classic movies were fun. The Dolby Theater is a great match for this look.
  2. They did a great job of mixing live performances with live and time-delayed video, giving it a very different look from most shows. (And as the program pointed out, the video effects react to the performers, not the other way around.)
  3. This is the first Cirque show I’ve seen in a long time where I enjoyed the clown performances as much as the acrobatics.

Some highlights:

  • The filmstrip act, where the performers walk through a series of identical rooms, each performing an action for a camera that plays back on a short delay, and each interacting with the previous performer’s recorded action.
  • The soundstage number at the opening of act two. I think the entire cast was onstage, all doing something different, all at the same time. An incredible illusion of chaos.
  • A film noir-style fistfight turned into a tumbling trampoline act.

The only disappointment was that act two felt a bit short, probably because the individual numbers were so long.

One more thing: this stretch of Hollywood Blvd is a bit odd if you’re not used to it. It’s sort of like walking around Comic-Con, except the people dressed as Jack Sparrow, Spider-Man and Hello Kitty are there for money instead of fun.