It’s a bad experience when a commercial domain’s emails get discarded due to a failure to renew the LetsEncrypt certificate. Therefore, being able to ensure that, when the time comes for autorenewal, it will actually, for certain and for sure, actually work is a really big deal.
Simply looking at configuration settings and, from that, inferring that it will work is, shall we say, inadequate.
Apparently letsencrypt was not able to download their file from http://www.domain.com, and when I disabled htaccess I was able to renew manually.
I have added the following, BUT I am not sure if this will work, as I am waiting for a domain to renew today and it now tries renewals after a week:
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/[0-9a-zA-Z_-]+$
Despite so many threads, nothing is clear about how to enable letsencrypt renewal so that it can access the http file on an SSL enabled domain.
I still can't find any way to put the .well-known/acme-challenge as an exception. Nobody there to share their experience?
The easiest way to do so is to create a “Website Redirect” from within Virtualmin. This will place the redirect code into the server's VirtualHost configuration rather than you having to use a “.htaccess” file.
Navigate over to Server Configuration > Website Redirects
Dear TPNsolutions, thank you for your guidance. I have used .htaccess directives for each domain and it usually works. I used RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/[0-9a-zA-Z_-]+$ and it does work, but when I try to access a letsencrypt file that's stored as 777 root, it is not accessible via browser.
It gives a "Forbidden, you don't have permission to access" 403 error. I am trying to understand what I need to change so that http://domain.com/.well-known/ files are downloadable. I also added the following to httpd conf:
<Directory "/home/domain/public_html/.well-known/acme-challenge">
allow from all
</Directory>
The “.well-known” will intentionally produce a 403 error as it doesn’t contain an “index” file within it. The folder is used by the “Acme Protocol” to verify a domain’s existence and should NOT be altered in any way. You should just leave the folder and its content “as-is”.
Yes, right, but how does one fix the issue of the file not downloading? See here the error on Virtualmin when it attempts to renew:
By altering httpd or adding code to htaccess it still gives 403 error and is not renewing:
Registering account…
Already registered!
Verifying domain.com…
Wrote file to /home/domuser/public_html/.well-known/acme-challenge/WYRbjUwp-x4GIWK75_w31vfEtRuEdfZxICFkd32mXeM, but couldn’t download http://domain.com/.well-known/acme-challenge/WYRbjUwp-x4GIWK75_w31vfEtRuEdfZxICFkd32mXeM
Traceback (most recent call last):
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 235, in
    main(sys.argv[1:])
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 231, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER, CA=args.ca)
  File "/usr/libexec/webmin/webmin/acme_tiny.py", line 184, in get_crt
    domain, challenge_status))
I’m seeing a sequence of responses addressing how one gets automatic renewal to work – not how to test whether it will work when the critical time comes.
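
One way to test the challenge path ahead of renewal, as an added example that is not part of the thread or of Virtualmin's code: it repeats the step that failed in the log above (write a file under .well-known/acme-challenge, then download it over HTTP) using a throwaway probe file. The function name `probe_challenge` and its arguments are hypothetical, and the paths in the usage comment are placeholders.

```python
#!/usr/bin/env python3
"""Pre-flight probe for the HTTP-01 challenge path (added example)."""
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_PATH = ".well-known/acme-challenge"

def probe_challenge(webroot, base_url, timeout=10):
    """Write a random probe file into the challenge directory and fetch it
    back over plain HTTP. Returns (ok, detail)."""
    chal_dir = os.path.join(webroot, *CHALLENGE_PATH.split("/"))
    os.makedirs(chal_dir, exist_ok=True)
    token = secrets.token_urlsafe(32)   # URL-safe name, like the token in the log
    body = secrets.token_urlsafe(32)    # random content, so a stale file cannot pass
    path = os.path.join(chal_dir, token)
    with open(path, "w") as fh:
        fh.write(body)
    os.chmod(path, 0o644)               # must be readable by the web server user
    url = f"{base_url.rstrip('/')}/{CHALLENGE_PATH}/{token}"
    # Connect directly and ignore any proxy environment variables.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            final_url = resp.geturl()   # shows where any redirects ended up
            got = resp.read().decode("utf-8", "replace").strip()
        if got != body:
            return False, f"wrong content served from {final_url}"
        return True, f"probe served correctly from {final_url}"
    except urllib.error.HTTPError as exc:   # e.g. the 403 described in the thread
        return False, f"HTTP {exc.code} for {url}"
    except OSError as exc:                  # DNS, refused connection, TLS, timeout
        return False, f"request failed for {url}: {exc}"
    finally:
        os.remove(path)                     # never leave probe files behind

if __name__ == "__main__":
    # Usage (placeholders): probe.py /home/USER/public_html http://example.com
    ok, detail = probe_challenge(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

Run on the server itself, this exercises rewrite rules, redirects and file permissions; it does not show that the certificate authority can reach the host through DNS and firewalls. The non-zero exit status on failure makes it usable from cron for alerting before a renewal is due.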