I posted this on here the CyberPanel forum but it may be more specific to OpenLiteSpeed.
Background
I have a live web server running mydomain.com just fine.
I want to start working on an updated site which for now I will call new.mydomain.com. I created a new Ubuntu 22.04 VM on Azure and installed CyberPanel 2.3 Build 5 from script, which installed OLS 1.7.19. For now this development server will only run the temporary domain, but eventually it will become the live server.
Steps Followed
On the new server, in CyberPanel, I created host mydomain.com.
In OpenLiteSpeed > Listeners, I added the new.mydomain.com domain for both Default and SSL listeners. I can successfully resolve the “CyberPanel Installed” default page at http://new.mydomain.com.
Now I follow How to fix SSL issues in CyberPanel - Knowledge Base to try to manually create a cert for my new subdomain:
sudo /root/.acme.sh/acme.sh --issue -d new.mydomain.com --cert-file /etc/letsencrypt/live/mydomain.com/cert.pem --key-file /etc/letsencrypt/live/mydomain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mydomain.com/fullchain.pem -w /home/mydomain.com/public_html --server letsencrypt --force --debug
Issue
Everything looks fine–the /home/mydomain.com/public_html/.well-known/acme-challenge folder is created and the token is in the folder–but then LiteSpeed fails to serve the file, instead returning a 404 error. In fact, if I put a test file in the "acme-challenge" folder, I get a 404 error. But if I rename 'acme-challenge" to “acme-challenge2”, the test file is served no problem. Access log excerpts:
Let's Encrypt gets 404:
"23.178.112.211 - - [18/Jul/2024:22:55:45 +0000] "GET /.well-known/acme-challenge/zRQZ7A3nUaCIhzek4z_AS9NYDC3vI-FTMV3cjVwFEAM HTTP/1.1" 404 711 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)""
"162.239.101.22 - - [18/Jul/2024:22:56:33 +0000] "GET /.well-known/acme-challenge/zRQZ7A3nUaCIhzek4z_AS9NYDC3vI-FTMV3cjVwFEAM HTTP/1.1" 404 711
"23.178.112.100 - - [18/Jul/2024:22:57:19 +0000] "GET /.well-known/acme-challenge/dydMA12q_nQMhcojYWoHC1O5MI4MkS5BnQtiAMXGaN4 HTTP/1.1" 404 711 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)""
"57.154.54.210 - - [18/Jul/2024:22:57:22 +0000] "GET /.well-known/acme-challenge/dydMA12q_nQMhcojYWoHC1O5MI4MkS5BnQtiAMXGaN4 HTTP/1.1" 404 1249 "-" "acme.sh/3.0.8 (https://github.com/acmesh-official/acme.sh)""
"162.239.101.22 - - [18/Jul/2024:22:57:54 +0000] "GET /.well-known/acme-challenge/dydMA12q_nQMhcojYWoHC1O5MI4MkS5BnQtiAMXGaN4 HTTP/1.1" 404 711
/.well-known/test.html works:
"162.239.101.22 - - [18/Jul/2024:23:14:54 +0000] "GET /.well-known/test.html HTTP/1.1" 200 4
/.well-known/acme-challenge/test.html gets 404:
"162.239.101.22 - - [18/Jul/2024:23:15:17 +0000] "GET /.well-known/acme-challenge/test.html HTTP/1.1" 404 711
Renamed folder /.well-known/acme-challenge2/test.html works:
"162.239.101.22 - - [18/Jul/2024:23:45:42 +0000] "GET /.well-known/acme-challenge2/test.html HTTP/1.1" 200 4
It’s like LiteSpeed is intercepting any attempt to access /acme-challenge and blocking it.
It seems this was reported two years ago but not resolved:
https://community.cyberpanel.net/t/...itional-subdomains-under-parent-account/34005
How do I get a Let's Encrypt cert for my temporary subdomain?
Background
I have a live web server running mydomain.com just fine.
I want to start working on an updated site which for now I will call new.mydomain.com. I created a new Ubuntu 22.04 VM on Azure and installed CyberPanel 2.3 Build 5 from script, which installed OLS 1.7.19. For now this development server will only run the temporary domain, but eventually it will become the live server.
Steps Followed
On the new server, in CyberPanel, I created host mydomain.com.
In OpenLiteSpeed > Listeners, I added the new.mydomain.com domain for both Default and SSL listeners. I can successfully resolve the “CyberPanel Installed” default page at http://new.mydomain.com.
Now I follow How to fix SSL issues in CyberPanel - Knowledge Base to try to manually create a cert for my new subdomain:
sudo /root/.acme.sh/acme.sh --issue -d new.mydomain.com --cert-file /etc/letsencrypt/live/mydomain.com/cert.pem --key-file /etc/letsencrypt/live/mydomain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mydomain.com/fullchain.pem -w /home/mydomain.com/public_html --server letsencrypt --force --debug
Issue
Everything looks fine–the /home/mydomain.com/public_html/.well-known/acme-challenge folder is created and the token is in the folder–but then LiteSpeed fails to serve the file, instead returning a 404 error. In fact, if I put a test file in the "acme-challenge" folder, I get a 404 error. But if I rename 'acme-challenge" to “acme-challenge2”, the test file is served no problem. Access log excerpts:
Let's Encrypt gets 404:
"23.178.112.211 - - [18/Jul/2024:22:55:45 +0000] "GET /.well-known/acme-challenge/zRQZ7A3nUaCIhzek4z_AS9NYDC3vI-FTMV3cjVwFEAM HTTP/1.1" 404 711 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)""
"162.239.101.22 - - [18/Jul/2024:22:56:33 +0000] "GET /.well-known/acme-challenge/zRQZ7A3nUaCIhzek4z_AS9NYDC3vI-FTMV3cjVwFEAM HTTP/1.1" 404 711
"23.178.112.100 - - [18/Jul/2024:22:57:19 +0000] "GET /.well-known/acme-challenge/dydMA12q_nQMhcojYWoHC1O5MI4MkS5BnQtiAMXGaN4 HTTP/1.1" 404 711 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)""
"57.154.54.210 - - [18/Jul/2024:22:57:22 +0000] "GET /.well-known/acme-challenge/dydMA12q_nQMhcojYWoHC1O5MI4MkS5BnQtiAMXGaN4 HTTP/1.1" 404 1249 "-" "acme.sh/3.0.8 (https://github.com/acmesh-official/acme.sh)""
"162.239.101.22 - - [18/Jul/2024:22:57:54 +0000] "GET /.well-known/acme-challenge/dydMA12q_nQMhcojYWoHC1O5MI4MkS5BnQtiAMXGaN4 HTTP/1.1" 404 711
/.well-known/test.html works:
"162.239.101.22 - - [18/Jul/2024:23:14:54 +0000] "GET /.well-known/test.html HTTP/1.1" 200 4
/.well-known/acme-challenge/test.html gets 404:
"162.239.101.22 - - [18/Jul/2024:23:15:17 +0000] "GET /.well-known/acme-challenge/test.html HTTP/1.1" 404 711
Renamed folder /.well-known/acme-challenge2/test.html works:
"162.239.101.22 - - [18/Jul/2024:23:45:42 +0000] "GET /.well-known/acme-challenge2/test.html HTTP/1.1" 200 4
It’s like LiteSpeed is intercepting any attempt to access /acme-challenge and blocking it.
It seems this was reported two years ago but not resolved:
https://community.cyberpanel.net/t/...itional-subdomains-under-parent-account/34005
How do I get a Let's Encrypt cert for my temporary subdomain?
Last edited:
