Dominic

Closed

If we enable basic auth on an SSL-secured website (LE), the renewal won't work as the .well-known/acme-challenge path is not publicly available.

As it's only needed for the cert request, I'd suggest not including this path in the basic auth by default.

Dennis


@Dominic A while ago we already introduced a fix for this; it might be that your domain does not have this configuration just yet.

This is the contents of the file:

# This location allows the SSL requests and renewals by Certbot & Let's Encrypt to go through.
# If you're not comfortable with this setting, you may remove this file and restart NGINX.
location /.well-known/ {
	auth_basic off;
}

And it's placed inside: /etc/nginx/ploi/yourdomain.com/server/disable-basic-auth-well-known.conf.

Check if you have this file for that domain. (Replace yourdomain.com with your domain)
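
One way to confirm from outside that the exemption quoted above is in effect, as an added example that is not part of the original thread or Ploi's own tooling: it requests a path under /.well-known/acme-challenge/ and the site root without credentials and compares the status codes. The local stand-in server, the probe path and all function names are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

EXEMPT_PREFIX = "/.well-known/"  # prefix from the location block quoted above
PROBE = "/.well-known/acme-challenge/probe-not-a-real-token"  # constructed path

class StandIn(BaseHTTPRequestHandler):
    """Constructed stand-in for a basic-auth site; it never checks credentials."""
    exempt = True  # True mimics a site that has the exemption snippet

    def do_GET(self):
        if self.exempt and self.path.startswith(EXEMPT_PREFIX):
            self.send_response(404)  # no such token, but no auth wall either
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="site"')
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def status(host, port, path):
    """Status code of an unauthenticated GET, as the CA's validator would send."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        return conn.getresponse().status
    finally:
        conn.close()

def check(host, port=80):
    if status(host, port, PROBE) == 401:
        return "challenge-blocked"  # HTTP-01 validation cannot fetch the token
    if status(host, port, "/") != 401:
        return "site-unprotected"   # basic auth is not active on the site itself
    return "ok"                     # challenge path open, rest still protected

def run_stand_in(exempt):
    """Start the stand-in on a free loopback port and run check() against it."""
    handler = type("Handler", (StandIn,), {"exempt": exempt})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return check("127.0.0.1", srv.server_address[1])
    finally:
        srv.shutdown()
        srv.server_close()
```

Against a real site, call check() with the domain name in place of the stand-in; a "challenge-blocked" result means the location block is missing or not loaded for that domain.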

Dominic (item author)

@Dennis Thanks for the fast response! The file already exists for the domain.

Just noticed that it also failed for our other site managed by Ploi. The file does not seem to be created. Is there any known issue?

In the docs I saw a notice about IPv6. We do have some AAAA records set for the main and one other subdomain, but not for those two specific subdomains. Could this be related to the problem nevertheless?

Dominic (item author)

Note: the AAAA records already existed on the initial SSL request (that worked fine).


Whitelist .well-known/acme-challenge folder on basic auth

  • Dennis moved item to board Closed

    1 year ago
  • Dennis moved item to board Under review

    1 year ago
  • Dennis moved item to project Site Level Requests

    1 year ago
  • Dominic opened

    1 year ago