Apache .well-known 404

I'm having issues making /.well-known/acme-challenge/ publicly accessible on Apache.

I created the file test in the /.well-known/acme-challenge/ folder; when I visit http://staging.hiddendomain.com/.well-known/acme-challenge/test I always get 404.

sudo apachectl -S returns:

VirtualHost configuration:
		*:80 is a NameVirtualHost
	    	 default server staging.hiddendomain.com (/etc/httpd/conf.d/01-staging-hidden-domain-p80.conf:1)
	     	port 80 namevhost staging.hiddendomain.com (/etc/httpd/conf.d/01-staging-hidden-domain-p80.conf:1)

This is the apache configuration (01-staging-hidden-domain-p80.conf) I currently have:

<VirtualHost *:80>
	ServerName staging.hiddendomain.com
	DocumentRoot /var/www/html/hidden-domain/web/
	LogLevel trace8
	<Directory "/var/www/html/hidden-domain/web/">
		Options FollowSymLinks
		AllowOverride All
		Order Allow,Deny
		Allow from All
		#Require all granted
		Header set X-Robots-Tag "noindex, nofollow"
		# Apache 2.x
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Allow from all
		</IfModule>
		# Apache 2.4
		<IfModule mod_authz_core.c>
			Require all granted
		</IfModule>
	</Directory>
	ErrorLog logs/staging/error.log
	CustomLog logs/staging/access.log combined
</VirtualHost>

Already tried:

  1. Using Location: 404 Not Found Apache - #5 by stasvinokur
  2. Using a ProxyPass.
  3. Comment IndexIgnore in autoindex.conf (#IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t)

Nothing seems to work, apache error logs show:
request.c(119): [client 72.185.47.154:63618] auth phase 'translate' gave status 404: /.well-known/acme-challenge/test

Apache version is (httpd -v):

	Server version: Apache/2.4.6 (Red Hat Enterprise Linux)
	Server built:   Mar 22 2022 15:35:18

Where exactly did you create those folders?

2 Likes

It is in /var/www/html/hidden-domain/web/.

[admin@stage-01 web]$ pwd
/var/www/html/hidden-domain/web
[admin@stage-01 web]$ ls -l .well-known/
total 4
-rw-rw-r--. 1 ugo-stage ugo-stage 9 Sep  2 14:00 test

thanks!

1 Like

Have you tried http://staging.hiddendomain.com/.well-known/test ? Because I'm not seeing the /acme-challenge/ directory.

2 Likes

Sorry, I messed up writing the reply:

[admin@stage-01 web]$ pwd
/var/www/html/hidden-domain/web
[admin@stage-01 web]$ ls -l .well-known/acme-challenge/
total 4
-rw-rw-r--. 1 ugo-stage ugo-stage 9 Sep 2 14:00 test

I guess you could try to put other test files in lower levels to see what that does. E.g., try /var/www/html/hidden-domain/web/test and /var/www/html/hidden-domain/web/.well-known/test or even /var/www/html/hidden-domain/web/.test/test and see what those do.

4 Likes

The only ones that load are:
- /var/www/html/hidden-domain/web/test
- /var/www/html/hidden-domain/web/well-known/acme-challenge/test

These two don't:
- /var/www/html/hidden-domain/web/.well-known/test
- /var/www/html/hidden-domain/web/.test/test

Renaming .well-known to well-known and visiting the URL works. This makes me think there is an "upper level" Apache configuration somewhere that is blocking this.

Also, there is an error in the log, so that means the request is hitting the server and vhost entry. The error is auth phase 'translate' gave status 404; I googled that a lot and can't find how to avoid it.

Maybe you have a FilesMatch something like found at this thread or described in this one

4 Likes

That error is from requests.c, which is, sort of, documented in Request Processing in the Apache HTTP Server 2.x - Apache HTTP Server Version 2.4. Looking at the "translate" phase in the error, it probably relates to this part of the documentation:

translate_name

Modules can determine the file name, or alter the given URI in this step. For example, mod_vhost_alias will translate the URI's path into the configured virtual host, mod_alias will translate the path to an alias path, and if the request falls back on the core, the DocumentRoot is prepended to the request resource.

So the actual result could be due to any of the active modules taking part of URI translation, such as the modules mentioned.

3 Likes

After 3 days of being stuck on this, I found the issue!!!

/etc/httpd/conf.d/security.local.conf has this rule:

RedirectMatch 404 ".*\/\..*"

I replaced that with:

RedirectMatch 404 ^\/((?!\.well\-known\/).*)$

BTW: No need to comment IndexIgnore in autoindex.conf. And I was able to clean the apache config:

<VirtualHost *:80>
	ServerName staging.hiddendomain.com
	DocumentRoot /var/www/html/hidden-domain/web/
	LogLevel trace8
	<Directory "/var/www/html/hidden-domain/web/">
		Options FollowSymLinks
		AllowOverride All
		Order Allow,Deny
		Allow from All
	</Directory>
	ErrorLog logs/staging/error.log
	CustomLog logs/staging/access.log combined
</VirtualHost>

Thanks all for the help.

4 Likes
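
Added example, not part of the original thread: a quick way to see which request paths each RedirectMatch 404 pattern matches before changing a dotfile-blocking rule. The "original" and "replacement" patterns are the two quoted above; the "scoped" pattern and the sample paths are constructed for illustration, and the script assumes Python's re module evaluates these expressions the same way Apache's PCRE does.

```python
import re

# Patterns as they would appear after "RedirectMatch 404". Assumption: Python's
# re handles these three expressions the same way as Apache's PCRE.
RULES = {
    "original": r".*\/\..*",                        # from security.local.conf
    "replacement": r"^\/((?!\.well\-known\/).*)$",  # as posted in the thread
    "scoped": r"/\.(?!well-known/)",                # hypothetical alternative
}

# Constructed request paths: the thread's test files plus typical dotfiles.
SAMPLE_PATHS = [
    "/test",
    "/well-known/acme-challenge/test",
    "/.well-known/acme-challenge/test",
    "/.well-known/test",
    "/.test/test",
    "/.git/config",
    "/app/.env",
]


def returns_404(rule, path):
    """True when the rule matches the URL path, i.e. RedirectMatch answers 404."""
    # RedirectMatch does an unanchored regex match, hence search().
    return re.search(RULES[rule], path) is not None


def served_paths(rule, paths=SAMPLE_PATHS):
    """Paths the rule lets through to normal request handling."""
    return [p for p in paths if not returns_404(rule, p)]


def report(paths=SAMPLE_PATHS):
    """One row per path, one column per rule."""
    lines = [f"{'path':<36}" + "".join(f"{name:<13}" for name in RULES)]
    for p in paths:
        cells = ("404" if returns_404(name, p) else "served" for name in RULES)
        lines.append(f"{p:<36}" + "".join(f"{c:<13}" for c in cells))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

Running it prints a path-by-rule table; the "scoped" column shows a pattern that still answers 404 for dot-prefixed path segments such as /.git/config while letting /.well-known/ through.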