Apache throws 403

Try using the test/staging environment:
--dry-run

It's never one full hour.
The wait is until 5 turns to 4 within the last hour.

1 Like

Same 403

PHP is killing the ACME requests!

How can it tell the difference between my requests and the LE requests?????
Mine get through, LE gets 403.

1 Like

run it in debug again and save a copy of the temp file created

we can then use that file to test with after certbot ends

1 Like

My brain is starting a meltdown...
I'll have to cool it off to continue :beer:

1 Like

Saved. Saved also the pre and post.conf in /etc/apache2

It’s 2:21 AM here, i’m also not really able to think anymore :slight_smile: Perhaps we’ll continue tomorrow? It’s no production server, no costs involved :slight_smile:

1 Like

In le_http_01_challenge_post.conf is the missed directory directive:

 <Directory /var/lib/letsencrypt/http_challenges>
            Require all granted
        </Directory>
        <Location /.well-known/acme-challenge>
            Require all granted
        </Location>

After a night’s sleep, i’m still convinced that the files are created with wrong permissions. Is there a way to test this, i.e. keep the challenge files instead of have them deleted?

--debug-challenges

2 Likes

It worked with certbot run -a webroot -i apache -w /srv/phpmyadmin_html -d pmadmin.qno.de so it seems it is not a misconfiguration but a problem with the apache authentiication plugin. I will watch this thread still some days to help with debugging.

Thank you, happy holydays.

2 Likes

I don't see how this would work:

and this would not work:

To me, something else must have changed.

2 Likes

You are perfectly right. But i did not change something else, and i would not know of another admin.

1 Like

Try both in staging:

certbot run -a webroot -i apache -w /srv/phpmyadmin_html -d pmadmin.qno.de --dry-run
certbot certonly --webroot -w /srv/phpmyadmin_html -d pmadmin.qno.de --dry-run

There are only three possible outcomes:

  • both work:
    goes to my assertion of the "something else" changed

  • only one works
    highly unlikely...
    but might indicate that the two commands aren't as equal as they appear to be

  • neither of them works.
    this indicates that something new has changed and now breaks it all

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.