[bug] let's encrypt fails with custom .htaccess

wesdegroot

Let's encrypt failed to renew certificates...
Code:
Getting challenge dor mydomainnname.com from acme-server...
Waiting for domain verification...
Challenge is invalid. Details: invalid response from http://mydomainname.com/.well-known/acme-challenge/SOMERANDOMSTRING. Exiting...

after (temporarily) disabling the .htaccess it worked:
Code:
[root@vps public_html]# mv .htaccess xxx.htaccess

After renewing, set the .htaccess active again
Code:
[root@vps public_html]# mv xxx.htaccess .htaccess

Contents of .htaccess
Code:
[root@vps public_html]# cat .htaccess 
# Set Options
# {
	Options +FollowSymlinks +MultiViews -Indexes
	Header set Access-Control-Allow-Origin "*"

	# Rewrite to v2
	# {
		RewriteEngine On
		RewriteRule ^(.*) v2/$1
	# }
# }
 
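The rewrite in the .htaccess above sends every request, including /.well-known/acme-challenge/..., into v2/, so the ACME server never gets the token file back. The following is an added example, not the poster's own configuration: the same directives with an exclusion for the challenge path in front of the v2 rule. The v2/ target, the Options line and the Header line come from the post; the RewriteCond, the `-` no-op rule and the [L] flags are this example's additions.

```apache
# Added example (not from the original post). Layout assumed from the
# thread: public_html/.htaccess, public_html/v2/, public_html/.well-known/
Options +FollowSymlinks +MultiViews -Indexes
Header set Access-Control-Allow-Origin "*"

RewriteEngine On

# Serve ACME http-01 challenge files exactly as requested. The validator
# must read the token body from this URL; a rewrite into v2/ or a redirect
# answered by the application produces "Challenge is invalid".
RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
RewriteRule ^ - [L]

# Everything else goes to the v2 tree
RewriteRule ^(.*)$ v2/$1 [L]
```

This keeps the exclusion in the parent .htaccess, so it does not depend on a separate .well-known/.htaccess (with RewriteEngine off) being present and honoured; having both is harmless. After changing it, request a throw-away file under /.well-known/acme-challenge/ over plain HTTP and confirm the body comes back unchanged rather than only checking for a 200 status.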
Please give it a try with the pre-release version of DA.
Sorry to say, maybe the same here with the pre-release; after the latest updates, the lines in the letsencrypt.sh script somewhat changed back?:

usr/local/directadmin/scripts/letsencrypt.sh: line 342: /var/www/html/.well-known/acme-challenge/: Is a directory
Error: http://mydomainname.com/.well-known/acme-challenge/ is not reachable. Aborting the script.
Please make sure /.well-known alias is setup in WWW server.n.

Updates were:
libxslt 1.1.28 to 1.1.29 update is available.
libxml2 2.9.3 to 2.9.4 update is available.
cURL 7.48.0 to 7.49.0 update is available.
AWstats 7.4 to 7.5 update is available.
PHP 5.6: 5.6.21 to 5.6.22 update is available.
RoundCube webmail 1.1.5 to 1.2.0 update is available.
phpMyAdmin 4.6.1-all-languages to 4.6.2-all-languages update is available

I changed the line back again to this, and then it was fine:

CHALLENGE="`echo "${RESPONSE}" | awk '/"type": "http-01"/,/}/'`"
So the script was updated with a wrong version! ????

So solved here, but be aware when using pre-release and/or BETA versions to check extra carefully after updates whether it is still working. ;)
 
There should be a .htaccess file in .well-known directly, which turns RewriteEngine off. May you check if you have it? Also, are you using letsencrypt=1 or letsencrypt=2 in directadmin.conf?
 
V1.50.1

There should be a .htaccess file in .well-known directly, which turns RewriteEngine off. May you check if you have it? Also, are you using letsencrypt=1 or letsencrypt=2 in directadmin.conf?

The .well-known directory contains
Code:
[root@vps .well-known]# cat .htaccess 
<IfModule mod_rewrite.c>
	RewriteEngine off
</IfModule>

I'm using
Code:
letsencrypt=1

Fails also on V1.50.1

(Stupid but working) fix:
Code:
challenge_check() {
        if [ ! -d "${WELLKNOWN_PATH}" ]; then
                mkdir -p "${WELLKNOWN_PATH}"
        fi
        touch "${WELLKNOWN_PATH}/letsencrypt_${TIMESTAMP}"

        # Checking if http://www.domain.com/.well-known/acme-challenge/letsencrypt_${TIMESTAMP} is available
        if ! ${CURL} -I -X GET "http://${1}/.well-known/acme-challenge/letsencrypt_${TIMESTAMP}" 2>/dev/null | grep -m1 -q 'HTTP.*200'; then
                # The script returned 1 (not reachable) here; forced to 0 so the
                # check no longer aborts the run
                echo 0 #1
        else
                echo 0
        fi

        # Only for debugging for DA Forum. Note that the logged command line
        # lists -L -k, but the two requests below run without them.
        echo "${CURL} -I -L -k -X GET http://${1}/.well-known/acme-challenge/letsencrypt_${TIMESTAMP}" &> /var/www/html/.well-known/curl.txt
        ${CURL} -I -X GET "http://${1}/.well-known/acme-challenge/letsencrypt_${TIMESTAMP}" &>> /var/www/html/.well-known/curl.txt
        echo "--------------------------------------------------------------------------" &>> /var/www/html/.well-known/curl.txt
        ${CURL} -I -X GET "http://${1}/.well-known/acme-challenge/letsencrypt_${TIMESTAMP}" &>> /var/www/html/.well-known/curl.txt

        rm -f "${WELLKNOWN_PATH}/letsencrypt_${TIMESTAMP}"
}

The problem, as I have logged it:
Code:
/usr/local/bin/curl -I -L -k -X GET http://bihappy.eu/.well-known/acme-challenge/letsencrypt_1466703626

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
HTTP/1.1 200 OK
Date: Thu, 23 Jun 2016 17:40:28 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Thu, 23 Jun 2016 17:40:27 GMT
ETag: W/"0-535f58cbca024"
Accept-Ranges: bytes
Content-Length: 0
Vary: User-Agent

--------------------------------------------------------------------------
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
HTTP/1.1 302 Found
Date: Thu, 23 Jun 2016 17:40:28 GMT
Server: Apache/2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: max-age=60, private, proxy-revalidate
Pragma: no-cache
location: https://www.bihappy.eu/.well-known/acme-challenge/letsencrypt_1466703626
Vary: Accept-Encoding,User-Agent
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Access-Control-Allow-Methods: GET, POST
Transfer-Encoding: chunked
Content-Type: text/html

Something goes terribly wrong with the directadmin check...
After the change directadmin says:
Code:
Certificate and Key Saved.

Details

Getting challenge for bihappy.eu from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for files.bihappy.eu from acme-server...
Waiting for domain verification...
Challenge is valid.
Getting challenge for www.bihappy.eu from acme-server...
Waiting for domain verification...
Challenge is valid.
Generating 4096 bit RSA key for bihappy.eu...
openssl genrsa 4096 > "/usr/local/directadmin/data/users/wesdegroot/domains/bihappy.eu.key.new"
Generating RSA private key, 4096 bit long modulus
.........................................................................++
...............................................................................................................++
e is 65537 (0x10001)
Certificate for bihappy.eu has been created successfully!

And it's working properly
 
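The post above shows two things worth separating: the patched challenge_check() now echoes 0 in both branches, so the pre-check can no longer fail, and the curl log shows the same URL answering 200 once and 302 once. A HEAD request that only greps for "200" does not tell you whether the ACME validator will be able to read the token. The following is an added example, not code from the original post or from DirectAdmin: a small loopback web server (constructed for this demo) that behaves like a correct vhost, like a vhost whose RewriteRule sends everything into v2/, and like one that 302-redirects the challenge into the application. Against each it runs a HEAD-only check of the posted shape and a check closer to what the ACME server does (GET, follow redirects, compare the body with the expected token). The token value and all function names are this example's own; a real http-01 key authorization is token.thumbprint, which the example shortens to the bare token.

```python
import http.server
import os
import tempfile
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


class _Handler(http.server.BaseHTTPRequestHandler):
    """Toy web server (constructed for this example) with three behaviours:
    'ok'       serves files from <webroot>/.well-known/acme-challenge/
    'rewrite'  answers every request, challenge included, from the application,
               which is what an unconditional 'RewriteRule ^(.*) v2/$1' does
    'redirect' bounces the challenge with a 302 into the application"""

    def _send(self, status, body, ctype="text/plain"):
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(body)

    def _handle(self):
        mode = self.server.mode
        if self.path.startswith(CHALLENGE_PREFIX) and mode == "ok":
            path = os.path.join(self.server.webroot, ".well-known",
                                "acme-challenge", os.path.basename(self.path))
            if os.path.isfile(path):
                with open(path, "rb") as f:
                    self._send(200, f.read())
            else:
                self._send(404, b"not found")
        elif self.path.startswith(CHALLENGE_PREFIX) and mode == "redirect":
            self.send_response(302)
            self.send_header("Location", "/v2" + self.path)
            self.send_header("Content-Length", "0")
            self.end_headers()
        else:
            # the application front page: HTTP 200, but not the token
            self._send(200, b"<html>v2 application</html>", "text/html")

    do_GET = _handle
    do_HEAD = _handle

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_server(mode, webroot):
    """Start the toy server on a free loopback port; returns (server, base_url)."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _Handler)
    srv.mode, srv.webroot = mode, webroot
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib raise on 3xx instead of following, like 'curl -I' without -L."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def head_only_check(base_url, token):
    """The shape of the posted challenge_check(): HEAD, no redirects, pass on
    any 200 status line. It never looks at what is actually served."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(base_url + CHALLENGE_PREFIX + token, method="HEAD")
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status == 200
    except urllib.error.URLError:  # HTTPError (e.g. the 302) is a subclass
        return False


def validate_like_acme(base_url, token):
    """Closer to what the ACME server does for http-01: GET, follow redirects,
    and require the body to equal the expected value (bare token here)."""
    req = urllib.request.Request(base_url + CHALLENGE_PREFIX + token, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            body = resp.read(4096).decode("utf-8", "replace").strip()
            if body == token:
                return {"ok": True, "reason": "token served", "final_url": resp.geturl()}
            return {"ok": False, "reason": "HTTP %d but body is not the token" % resp.status,
                    "final_url": resp.geturl()}
    except urllib.error.HTTPError as e:
        return {"ok": False, "reason": "HTTP %d" % e.code, "final_url": None}
    except urllib.error.URLError as e:
        return {"ok": False, "reason": "unreachable: %s" % e.reason, "final_url": None}


def run_demo():
    """Run both checks against all three behaviours.
    Returns {mode: (head_only_passed, acme_style_result)}."""
    token = "constructed-token-1466703626"  # constructed sample token, not a real one
    results = {}
    with tempfile.TemporaryDirectory() as webroot:
        cdir = os.path.join(webroot, ".well-known", "acme-challenge")
        os.makedirs(cdir)
        with open(os.path.join(cdir, token), "w") as f:
            f.write(token)
        for mode in ("ok", "rewrite", "redirect"):
            srv, base = start_server(mode, webroot)
            try:
                results[mode] = (head_only_check(base, token), validate_like_acme(base, token))
            finally:
                srv.shutdown()
                srv.server_close()
    return results


if __name__ == "__main__":
    for mode, (head_ok, acme) in run_demo().items():
        print("%-8s head-only: %-5s  acme-style: %-5s (%s)"
              % (mode, head_ok, acme["ok"], acme["reason"]))
```

In the 'rewrite' case the HEAD-only check passes (the application answers 200) while the ACME-style check fails because the body is a web page rather than the token; in the 'redirect' case the HEAD-only check fails on the 302 while the validator would follow it and still find the wrong body. A pre-check that is forced to echo 0 reports success in all three cases, which is why the real error only surfaces later as "Challenge is invalid".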
Fix?

I have the same problem.

Anybody involved in the patching of this in DirectAdmin knows what the status is? I cannot find anything about it.
Or should I apply the patch provided by @wesdegroot? I prefer to leave it to DirectAdmin... :-)
 