Apache .well-known 404

eljatcho · September 2, 2022, 5:19pm

I'm having issues on making /.well-known/acme-challenge/ public accessible on Apache.

I created the file test on /.well-known/acme-challenge/ folder, when I visit http://staging.hiddendomain.com/.well-known/acme-challenge/test I always get 404.

sudo apachectl -S returns:

VirtualHost configuration:
		*:80 is a NameVirtualHost
	    	 default server staging.hiddendomain.com (/etc/httpd/conf.d/01-staging-hidden-domain-p80.conf:1)
	     	port 80 namevhost staging.hiddendomain.com (/etc/httpd/conf.d/01-staging-hidden-domain-p80.conf:1)

This is the apache configuration (01-staging-hidden-domain-p80.conf) I currently have:

<VirtualHost *:80>
	ServerName staging.hiddendomain.com
	DocumentRoot /var/www/html/hidden-domain/web/
	LogLevel trace8
	<Directory "/var/www/html/hidden-domain/web/">
		Options FollowSymLinks
		AllowOverride All
		Order Allow,Deny
		Allow from All
		#Require all granted
		Header set X-Robots-Tag "noindex, nofollow"
		# Apache 2.x
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Allow from all
		</IfModule>
		# Apache 2.4
		<IfModule mod_authz_core.c>
			Require all granted
		</IfModule>
	</Directory>
        ErrorLog logs/staging/error.log
        CustomLog logs/staging/access.log combined
</VirtualHost>

Already tried:

Using Location: 404 Not Found Apache - #5 by stasvinokur
Using a ProxyPass.
Comment IndexIgnore in autoindex.conf (#IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t)

Nothing seems to work, apache error logs show:
request.c(119): [client 72.185.47.154:63618] auth phase 'translate' gave status 404: /.well-known/acme-challenge/test

Apache version is (httpd -v):

	Server version: Apache/2.4.6 (Red Hat Enterprise Linux)
	Server built:   Mar 22 2022 15:35:18

Osiris · September 2, 2022, 5:32pm

Where exactly did you create that folders?

eljatcho · September 2, 2022, 5:36pm

It is in /var/www/html/hidden-domain/web/.

[admin@stage-01 web]$ pwd
/var/www/html/hidden-domain/web
[admin@stage-01 web]$ ls -l .well-known/
total 4
-rw-rw-r--. 1 ugo-stage ugo-stage 9 Sep  2 14:00 test

thanks!

Osiris · September 2, 2022, 5:37pm

Have you tried http://staging.hiddendomain.com/.well-known/test ? Because I'm not seeing the /acme-challenge/ directory.

eljatcho · September 2, 2022, 5:39pm

Sorry, I messed up writing the reply:

[admin@stage-01 web]$ pwd
/var/www/html/hidden-domain/web
[admin@stage-01 web]$ ls -l .well-known/acme-challenge/
total 4
-rw-rw-r--. 1 ugo-stage ugo-stage 9 Sep 2 14:00 test

Osiris · September 2, 2022, 5:41pm

I guess you could try to put other test files in lower levels to see what that does. E.g., try /var/www/html/hidden-domain/web/test and /var/www/html/hidden-domain/web/.well-known/test or even /var/www/html/hidden-domain/web/.test/test and see what those do.

eljatcho · September 2, 2022, 5:53pm

The only that loads is:
-/var/www/html/hidden-domain/web/test
-/var/www/html/hidden-domain/web/well-known/acme-challenge/test

This two doesn't:
-/var/www/html/hidden-domain/web/.well-known/test
-/var/www/html/hidden-domain/web/.test/test

Renaming .well-known to well-known and visiting the url hiddendomain.com - hiddendomain Resources and Information. works. This make me think there is an "upper level" apache configuration somewhere that is blocking this.

Also there is an error in the log so that's means the request is hitting the server & vhost entry. The error is auth phase 'translate' gave status 404, google that a lot and can't find how to avoid it.

MikeMcQ · September 2, 2022, 6:01pm

Maybe you have a FilesMatch something like found at this thread or described in this one

Osiris · September 2, 2022, 6:12pm

That error is from requests.c, which is, sort of, documented in Request Processing in the Apache HTTP Server 2.x - Apache HTTP Server Version 2.4. Looking at the "translate" phase in the error, it probably relates to this part of the documentation:

translate_name

Modules can determine the file name, or alter the given URI in this step. For example, mod_vhost_alias will translate the URI's path into the configured virtual host, mod_alias will translate the path to an alias path, and if the request falls back on the core, the DocumentRoot is prepended to the request resource.

So the actual result could be due to any of the active modules taking part of URI translation, such as the modules mentioned.

eljatcho · September 2, 2022, 6:42pm

after 3 days of being stuck on this found the issue!!!

/etc/httpd/conf.d/security.local.conf has this rule:

RedirectMatch 404 ".*\/\..*"

I replaced that to:

RedirectMatch 404 ^\/((?!\.well\-known\/).*)$

BTW: No need to comment IndexIgnore in autoindex.conf. And I was able to clean the apache config:

<VirtualHost *:80>
	ServerName staging.hiddendomain.com
	DocumentRoot /var/www/html/hidden-domain/web/
	LogLevel trace8
	<Directory "/var/www/html/hidden-domain/web/">
		Options FollowSymLinks
		AllowOverride All
		Order Allow,Deny
		Allow from All
	</Directory>
	ErrorLog logs/staging/error.log
    CustomLog logs/staging/access.log combined
</VirtualHost>

Thanks all for the help.

system · October 2, 2022, 6:42pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Acme-challenge gives me a 404 Help	4	2789	March 4, 2017
404 error only on folder with name "acme-challenge" Server	6	6350	September 29, 2018
404 error with Apache - acme challenge Help	7	5156	August 7, 2018
404 error on /.well-known Help	2	1357	September 9, 2017
What is special about the .well-known/acme-challenge directory? Help	11	8285	March 26, 2020

Apache .well-known 404

translate_name

Related topics