404 error only on folder with name "acme-challenge"


#1

After updating many items on my server - including apache to 2.4.3 - it is no longer possible to reach files in “/.well-known/acme-challenge/”

It is only the folder “acme-challenge” that causes the problem, because other folders like “/.well-known/test/” are reachable.

I’ve read that this may be to do with the experimental apache module mod_md, but can find no trace of this module in my configuration files.

Help please - how do I sort this out?


#2

Hi,

What’s your server config
what’s one of your domain name that’s in danger…
Can you try to place a file inside that folder? if you could, what is the error message when visiting your site?
Can you share a link to a sample file that’s correctly placed in the folder?

Thank you


#3

All domain names are in danger. I tried to renew certs that had previously worked, but get the same 404 error message.

An example of a link that doesn’t work where I have placed a test file is:
http://uniofilm.online/.well-known/acme-challenge/text.txt

On the other hand this one will work:http://uniofilm.online/.well-known/test/text.txt

On the Centos 7 server the apache virtual host settings for this domain are:

<VirtualHost 104.238.172.100:80>
	ServerName uniofilm.online
	ServerAlias www.uniofilm.online
	ServerAlias mail.uniofilm.online
	ServerAdmin XXXXXXXX
	DocumentRoot /home/uniofilm/public_html
	ScriptAlias /cgi-bin/ /home/uniofilm/public_html/cgi-bin/

	<IfModule mod_suexec.c>
		SuexecUserGroup uniofilm uniofilm
	</IfModule>

	<IfModule mod_suphp.c>
		suPHP_UserGroup uniofilm uniofilm
		suPHP_ConfigPath /home/uniofilm
	</IfModule>

	<Directory "/home/uniofilm/public_html">
		AllowOverride All
		Require all granted
	</Directory>

</VirtualHost>

#4

Hi @dzseti

are there other rewrite rules? Please share your complete config file.

Do you have firewall rules?

You have a header

Server: CentOS WebPanel: Protected by Mod Security

download http://uniofilm.online/.well-known/test/text.txt -h
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 6
Content-Type: text/plain
Date: Thu, 30 Aug 2018 08:09:02 GMT
ETag: “6-57497a6a0e800”
Last-Modified: Wed, 29 Aug 2018 19:06:08 GMT
Server: CentOS WebPanel: Protected by Mod Security

Status: 200 OK

Is there a special filter?


#5

There are no rewrite rules added by me

Firewall rules and Mod Security rules have not caused a problem in the past; I have tried anyway with each switched off temporarily

The full configuration file for apache with (most) comment lines deleted is here:

ServerRoot “/usr/local/apache”

Listen 80

LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_form_module modules/mod_auth_form.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
#LoadModule cache_socache_module modules/mod_cache_socache.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule socache_dbm_module modules/mod_socache_dbm.so
#LoadModule socache_memcache_module modules/mod_socache_memcache.so
#LoadModule watchdog_module modules/mod_watchdog.so
#LoadModule macro_module modules/mod_macro.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule dumpio_module modules/mod_dumpio.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule request_module modules/mod_request.so
#LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule sed_module modules/mod_sed.so
#LoadModule deflate_module modules/mod_deflate.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
#LoadModule remoteip_module modules/mod_remoteip.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_express_module modules/mod_proxy_express.so
#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
#LoadModule session_module modules/mod_session.so
#LoadModule session_cookie_module modules/mod_session_cookie.so
#LoadModule session_crypto_module modules/mod_session_crypto.so
#LoadModule session_dbd_module modules/mod_session_dbd.so
#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
#LoadModule ssl_module modules/mod_ssl.so
#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule asis_module modules/mod_asis.so
#LoadModule info_module modules/mod_info.so
#LoadModule suexec_module modules/mod_suexec.so
#LoadModule cgid_module modules/mod_cgid.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so

  Group nobody

ServerAdmin XXXXXX

AllowOverride none Require all denied

DocumentRoot “/usr/local/apache/htdocs”
<Directory “/usr/local/apache/htdocs”>
Options Indexes FollowSymLinks

AllowOverride None

Require all granted
DirectoryIndex index.php index.html

<Files “.ht*”>
Require all denied

ErrorLog “logs/error_log”

LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>

CustomLog "logs/access_log" common
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"

<Directory “/usr/local/apache/cgi-bin”>
AllowOverride None
Options None
Require all granted

RequestHeader unset Proxy early
TypesConfig conf/mime.types

AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
Include conf/extra/proxy-html.conf SSLRandomSeed startup builtin SSLRandomSeed connect builtin

ExtendedStatus On
Include /usr/local/apache/conf/sharedip.conf
Include /usr/local/apache/conf.d/*.conf


#6

Have solved the issue after reading this: https://github.com/diafygi/acme-tiny/issues/79

I added this to my virtual hosts files:

   Alias /.well-known/acme-challenge/ /home/uniofilm/public_html/.well-known/acme-challenge/
   <Directory /home/uniofilm/public_html/.well-known/acme-challenge/>
          AllowOverride None
          Require all granted
          Satisfy Any
    </Directory>

Though I’m not sure whether there are any security issues with doing it this way


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.