Basic auth protection to allow ACME Challenge

#1
Hi, I have the following code set up in my CyberPanel vhost.conf file:


Code:
# START-HTTP-AUTH
context / {
  realm ProtectedArea
}

realm ProtectedArea {
  userDB {
    location conf/vhosts/<sitename>/htpasswd
  }
}
# END-HTTP-AUTH
How would I modify this to allow Letsencrypt to perform the .well-known/acme-challenge fetch? (Basically to remove basic auth for that route)?

Thank you in advance for any help.
 

Cold-Egg

Administrator
#2
Try setting a .well-known context in the virtual host and see if it helps.
Example:
Code:
context /.well-known/ { 
  location                /var/www/html/
  allowBrowse             1 
  addDefaultCharset       off
}
Please substitute the location value to your site's path.
 
#5
Sorry, unfortunately I still can't get this to work.

I am obviously missing something.

If I try and access <website>/.well-known/acme-challenge/hello.txt in the browser, it still shows the basic auth:


Code:
# START-HTTP-AUTH
context /.well-known/ {
  location                /home/<site>/public_html
  allowBrowse             1
  addDefaultCharset       off
}

context / {
  realm ProtectedArea
}

realm ProtectedArea {
  userDB {
    location conf/vhosts/<site>/htpasswd
  }
}
# END-HTTP-AUTH
I'm not really sure what else I can try at this stage. Any help is massively appreciated. Thank you.
 

lsqtwrk

Administrator
#6
location /home/<site>/public_html


This is wrong, you need to set it to /home/<site>/public_html/.well-known/, assuming the .well-known directory should be generated under that public_html.
 
#7
I've updated to this, but it is still not working. The location is /home/<site>/public_html/.well-known/ so this should work, but I still get the basic auth alert when navigating to the text file.
 

lsqtwrk

Administrator
#8
I've updated to this, but it is still not working. The location is /home/<site>/public_html/.well-known/ so this should work, but I still get the basic auth alert when navigating to the text file.
Could you please send me screenshots of the context main page and each individual context setting in the WebAdmin console?
 
#9
Hi, this is a copy of the vhost.conf:


Code:
docRoot                   $VH_ROOT/public_html
vhDomain                  $VH_NAME
vhAliases                 www.$VH_NAME
adminEmails               hosting@designyourcode.com
enableGzip                1
enableIpGeo               1

index  {
  useServer               0
  indexFiles              index.php, index.html
}

errorlog $VH_ROOT/logs/$VH_NAME.error_log {
  useServer               0
  logLevel                ERROR
  rollingSize             10M
}

accesslog $VH_ROOT/logs/$VH_NAME.access_log {
  useServer               0
  logFormat               "%v %h %l %u %t "%r" %>s %b"
  logHeaders              5
  rollingSize             10M
  keepDays                10  compressArchive         1
}

scripthandler  {
  add                     lsapi:devcare php
}

extprocessor devcare {
  type                    lsapi
  address                 UDS://tmp/lshttpd/devcare.sock
  maxConns                10
  env                     LSAPI_CHILDREN=10
  initTimeout             600
  retryTimeout            0
  persistConn             1
  pcKeepAliveTimeout      1
  respBuffer              0
  autoStart               1
  path                    /usr/local/lsws/lsphp73/bin/lsphp
  extUser                 devcare
  extGroup                devcare
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           400
  procHardLimit           500
}

phpIniOverride  {

}

rewrite  {
  enable                  1
  autoLoadHtaccess        1
}

vhssl  {
  keyFile                 /etc/letsencrypt/live/<site>/privkey.pem
  certFile                /etc/letsencrypt/live/<site>/fullchain.pem
  certChain               1
  sslProtocol             30
}

# START-HTTP-AUTH
context /.well-known/ {
  location /home/<site>/public_html/.well-known/
  allowBrowse 1
  addDefaultCharset off
}

context / {
  realm ProtectedArea
}

realm ProtectedArea {
  userDB {
    location conf/vhosts/<site>/htpasswd
  }
}
# END-HTTP-AUTH
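
Added example (not part of the thread, and not CyberPanel or OpenLiteSpeed code): a small static check of the HTTP-AUTH section for the points raised in #2 and #6, namely that a `/.well-known/` context exists, carries no `realm`, and has a `location` ending in `/.well-known/`. The parser, the function names and the sample text are assumptions made for this example and handle only the block layout shown in the posts; a clean result says nothing about how the server itself resolves contexts.

```python
# Constructed sample: the HTTP-AUTH section as posted in #5 (options trimmed).
POSTED_IN_5 = """\
context /.well-known/ {
  location                /home/<site>/public_html
}
context / {
  realm ProtectedArea
}
realm ProtectedArea {
  userDB {
    location conf/vhosts/<site>/htpasswd
  }
}
"""

def parse_blocks(text):
    """Return [(kind, arg, {key: value})] for top-level blocks; nested ones are skipped."""
    blocks, depth = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            depth += 1
            if depth == 1:
                parts = line[:-1].split()
                blocks.append((parts[0], parts[1] if len(parts) > 1 else "", {}))
        elif line == "}":
            depth -= 1
        elif depth == 1:
            key, *rest = line.split(None, 1)
            blocks[-1][2][key] = rest[0] if rest else ""
    return blocks

def lint_acme_exemption(text, uri="/.well-known/"):
    """Hypothetical helper: static findings for the exemption discussed in the thread."""
    blocks = parse_blocks(text)
    contexts = {arg: kv for kind, arg, kv in blocks if kind == "context"}
    realms = {arg for kind, arg, _ in blocks if kind == "realm"}
    findings = [f"context {u}: realm {kv['realm']} is not defined"
                for u, kv in contexts.items() if kv.get("realm", "") not in realms | {""}]
    exempt = contexts.get(uri)
    if exempt is None:
        return findings + [f"no context for {uri}"]
    if "realm" in exempt:
        findings.append(f"context {uri} still requires realm {exempt['realm']}")
    if not exempt.get("location", "").rstrip("/").endswith(uri.rstrip("/")):
        findings.append(f"context {uri}: location should end with {uri}")
    return findings
```

Run against the section posted in #5 it reports the `location` value; run against the section posted in #9 it reports nothing.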
 

Cold-Egg

Administrator
#16
Hi @DesignyourCode and @chrisbobin ,

I can reproduce the issue and have confirmed that it has been addressed in v1.6.15 and v1.7.2.
Both versions are not stable yet, and there are still some pending issues that need to be fixed in 1.6.15.
Please give our developer some time and the new release will fix this issue.

Best,
Eric
 
#20
Hi @Cold-Egg - just wanted to confirm that I have now tested this on multiple servers and the upgrade above works perfectly.

The only thing I noticed was that any sites on the same server that had previously had an SSL issued needed re-issuing - so in case anyone else comes across this I thought I'd mention it.

Thanks everyone for your time on this - very much appreciated and a great solution in the end.
 