Basic auth protection to allow ACME Challenge

#1
Hi, I have the following code set up in my CyberPanel vhost.conf file:


Code:
# START-HTTP-AUTH
# NOTE(review): the START/END markers look like a panel-managed region; manual
# edits placed between them may be rewritten by CyberPanel — confirm.
#
# Attaches the ProtectedArea realm to the root context "/", so requests served
# by this context are challenged for HTTP basic-auth credentials.
context / {
  realm ProtectedArea
}

# Defines the realm and points it at the user database file.
# NOTE(review): the relative path presumably resolves against the server root —
# confirm, and keep the credential file outside every docRoot with permissions
# that let only the web server read it.
realm ProtectedArea {
  userDB {
    location conf/vhosts/<sitename>/htpasswd
  }
}
# END-HTTP-AUTH
How would I modify this to allow Let's Encrypt to perform the .well-known/acme-challenge fetch? (Basically, to remove basic auth for that route.)

Thank you in advance for any help.
 

Cold-Egg

Administrator
#2
Try setting a .well-known context in the virtual host to see if it helps.
Example:
Code:
# Separate context for the /.well-known/ URI prefix, mapped to its own
# filesystem location and carrying no realm directive of its own.
# NOTE(review): as written this covers everything under /.well-known/, not only
# the ACME challenge files. Scoping the context to /.well-known/acme-challenge/
# would keep the unauthenticated surface to what the HTTP-01 check needs —
# confirm validation still succeeds after narrowing.
# NOTE(review): allowBrowse is the "accessible" switch for the context, not a
# directory-listing option — confirm against the OpenLiteSpeed docs.
# After any change, verify that a URL outside this prefix still answers 401.
context /.well-known/ { 
  location                /var/www/html/
  allowBrowse             1 
  addDefaultCharset       off
}
Please replace the location value with your site's path.
 
#5
Sorry unfortunately I still can't get this to work.

I am obviously missing something.

If I try to access <website>/.well-known/acme-challenge/hello.txt in the browser, it still shows the basic auth prompt:


Code:
# START-HTTP-AUTH
# NOTE(review): this context was added inside the START/END markers; if the
# panel regenerates that region the exemption may be lost — confirm.
#
# Intended exemption for ACME challenges: a context for /.well-known/ with no
# realm directive. Its location points at the docroot itself rather than at a
# .well-known directory beneath it, so the URI prefix and the filesystem path
# do not line up as written.
# NOTE(review): the exemption spans all of /.well-known/; narrowing it to
# /.well-known/acme-challenge/ would expose less without credentials.
context /.well-known/ {
  location                /home/<site>/public_html
  allowBrowse             1
  addDefaultCharset       off
}

# Root context protected by the ProtectedArea realm (HTTP basic auth).
context / {
  realm ProtectedArea
}

# Realm definition: credentials come from the user database file below.
realm ProtectedArea {
  userDB {
    location conf/vhosts/<site>/htpasswd
  }
}
# END-HTTP-AUTH
I'm not really sure what else I can try at this stage. Any help is massively appreciated. Thank you.
 

lsqtwrk

Administrator
#6
location /home/<site>/public_html


This is wrong; you need to set it to /home/<site>/public_html/.well-known/, assuming the .well-known directory is generated under that public_html.
 
#7
I've updated to this, but it is still not working. The location is /home/<site>/public_html/.well-known/ so this should work, but I still get the basic auth alert when navigating to the text file.
 

lsqtwrk

Administrator
#8
I've updated to this, but it is still not working. The location is /home/<site>/public_html/.well-known/ so this should work, but I still get the basic auth alert when navigating to the text file.
Could you please send me screenshots of the main Context page and of each individual context's settings in the WebAdmin console?
 
#9
Hi, this is a copy of the vhost.conf:


Code:
# Virtual-host basics as posted: document root under $VH_ROOT, domain and www
# alias, admin contact address, gzip and IP geolocation switches.
docRoot                   $VH_ROOT/public_html
vhDomain                  $VH_NAME
vhAliases                 www.$VH_NAME
adminEmails               hosting@designyourcode.com
enableGzip                1
enableIpGeo               1

# Index files for this vhost (useServer 0: not inherited from the server level).
index  {
  useServer               0
  indexFiles              index.php, index.html
}

# Per-vhost error log, rotated at 10M.
errorlog $VH_ROOT/logs/$VH_NAME.error_log {
  useServer               0
  logLevel                ERROR
  rollingSize             10M
}

# Per-vhost access log. %u records the authenticated user name, which is the
# field to look at when checking which requests passed basic auth.
# NOTE(review): the inner quotes around %r look unescaped, and keepDays and
# compressArchive share one line — both are probably artifacts of how the post
# was rendered; check against the file on disk.
accesslog $VH_ROOT/logs/$VH_NAME.access_log {
  useServer               0
  logFormat               "%v %h %l %u %t "%r" %>s %b"
  logHeaders              5
  rollingSize             10M
  keepDays                10  compressArchive         1
}

# Routes .php requests to the LSAPI external processor defined below.
scripthandler  {
  add                     lsapi:devcare php
}

# LSAPI PHP worker pool reached over a Unix domain socket and run as the
# dedicated user/group devcare rather than under the web server's own identity.
extprocessor devcare {
  type                    lsapi
  address                 UDS://tmp/lshttpd/devcare.sock
  maxConns                10
  env                     LSAPI_CHILDREN=10
  initTimeout             600
  retryTimeout            0
  persistConn             1
  pcKeepAliveTimeout      1
  respBuffer              0
  autoStart               1
  path                    /usr/local/lsws/lsphp73/bin/lsphp
  extUser                 devcare
  extGroup                devcare
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           400
  procHardLimit           500
}

# No php.ini overrides are set for this vhost.
phpIniOverride  {

}

# Rewrite engine enabled; rewrite rules from .htaccess are loaded automatically.
rewrite  {
  enable                  1
  autoLoadHtaccess        1
}

# TLS settings for this vhost, using the Let's Encrypt private key and full
# certificate chain. The private key file should stay readable only by the
# account the server loads it under.
# NOTE(review): sslProtocol is a bitmask in OpenLiteSpeed (1=SSLv3, 2=TLSv1.0,
# 4=TLSv1.1, 8=TLSv1.2, 16=TLSv1.3), so 30 would also enable TLS 1.0 and 1.1,
# while 24 would limit the vhost to TLS 1.2/1.3 — confirm against the docs for
# the installed version.
vhssl  {
  keyFile                 /etc/letsencrypt/live/<site>/privkey.pem
  certFile                /etc/letsencrypt/live/<site>/fullchain.pem
  certChain               1
  sslProtocol             30
}

# START-HTTP-AUTH
# NOTE(review): the .well-known context sits inside the START/END markers; if
# CyberPanel regenerates this region the manual addition may be dropped or
# handled differently — confirm, and consider defining it outside the markers.
#
# Context for /.well-known/ mapped to the matching directory under public_html
# and carrying no realm directive. The poster reports that basic auth is still
# requested for files under it, so this stanza alone is not shown to exempt the
# path.
# NOTE(review): once an exemption works, scope it to /.well-known/acme-challenge/
# and verify that a URL outside that prefix still answers 401 without
# credentials.
context /.well-known/ {
  location /home/<site>/public_html/.well-known/
  allowBrowse 1
  addDefaultCharset off
}

# Root context protected by the ProtectedArea realm (HTTP basic auth).
context / {
  realm ProtectedArea
}

# Realm definition: credentials come from the user database file below.
# NOTE(review): keep this file outside every docRoot and readable only by the
# web server.
realm ProtectedArea {
  userDB {
    location conf/vhosts/<site>/htpasswd
  }
}
# END-HTTP-AUTH
 