Authenticating on centos7

Hi, I’m trying to use --webroot to authenticate a cert. I’m running ISPConfig 3.1 latest version but I don’t host sites, just use it as an email server, so I only have one webroot and want to just install the certs, then symlink to them from the ispc files. I tried running:
certbot certonly --webroot -w /var/www/html/ -d mail4.domain.com

and I can see the ./well-known directory and I can browse to it online (so DNS works), but there is no acme-challenge subfolder, which I’m guessing is why the challenge fails. Should I make it manually or is it a temp thing that certbot makes?

Centos7/Apache 2.4. I have ssh and root access

error:

Hi @dougrun,

Do you have an IPv6 AAAA record for your domain name?

It shouldn’t be a problem if .well-known/acme-challenge doesn’t exist at other times. But if you do create acme-challenge, and add a file /var/www/html/.well-known/acme-challenge/test.txt, can you see it in your browser at https://mail4.domain.com/.well-known/acme-challenge/test.txt?

I do not have IPv6 enabled on this server, just IPv4. I can make the folder, and I can see it, but if I try and access the test.txt file, I get a forbidden error. Permissions issue or Apache issue?

I can see and browse to /.well-known folder but get:
Forbidden

You don’t have permission to access /.well-known/acme-challenge/ on this server.
When trying to access the acme-challenge folder.

Permissions:
[root@mail4 acme-challenge]# ls -a
. ..
[root@mail4 acme-challenge]# nano test.txt
[root@mail4 acme-challenge]#
[root@mail4 acme-challenge]# ls -a -lg
total 4
drwxr-xr-x 2 root 21 Aug 13 14:04 .
drwxr-xr-x 3 root 27 Aug 12 23:12 ..
-rw-r--r-- 1 root 11 Aug 13 14:04 test.txt
[root@mail4 acme-challenge]# cd ..
[root@mail4 .well-known]# ls -a -lg
total 0
drwxr-xr-x 3 root 27 Aug 12 23:12 .
drwxr-xr-x 3 root 41 Aug 12 18:17 ..
drwxr-xr-x 2 root 21 Aug 13 14:04 acme-challenge
[root@mail4 .well-known]#

Probably an Apache configuration issue. For example, maybe it’s set to refuse to serve paths that contain a leading dot.

Got it working. In the sites-available folder of Apache, there is an ispconfig.conf file, and somehow it had a line for an alias redirecting that .well-known folder to another usr folder, so I commented it out and it verified. Now I just need to link the certs to the ones it uses and automate it.
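
The cause found in the last post was an Alias in ispconfig.conf that mapped /.well-known away from the webroot. As an added example (not part of the original thread), this shell function lists active Apache directives that remap /.well-known to somewhere other than the directory passed to certbot's -w. The function name, the directives checked beyond Alias, and the sample config contents and paths are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Lists active Apache directives that
# remap /.well-known away from the directory given to certbot --webroot -w.

# usage: find_wellknown_overrides WEBROOT CONF_DIR
# Prints "file:line: directive" for each conflicting directive.
find_wellknown_overrides() {
    webroot=${1%/}
    find "$2" -type f \( -name '*.conf' -o -name '*.vhost' \) -exec awk -v root="$webroot" '
        # $1 is the directive name; a commented line starts with "#" and never matches.
        { d = tolower($1) }
        d !~ /^(alias|aliasmatch|scriptalias|redirect|redirectmatch|rewriterule|proxypass)$/ { next }
        $0 !~ /\.well-known/ { next }
        {
            target = $3; gsub(/"/, "", target)
            # A plain Alias that still points inside the webroot is harmless.
            if (d == "alias" && index(target, root "/") == 1) next
            printf "%s:%d: %s\n", FILENAME, FNR, $0
        }' {} +
}

# Constructed sample configs (not taken from the thread) for an offline run.
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
mkdir -p "$sample/sites-available"
cat > "$sample/sites-available/ispconfig.conf" <<'EOF'
<VirtualHost *:80>
  Alias /.well-known/acme-challenge /usr/local/example/acme-challenge
</VirtualHost>
EOF
cat > "$sample/site.conf" <<'EOF'
#Alias /.well-known/acme-challenge /tmp/disabled
Alias /.well-known/acme-challenge "/var/www/html/.well-known/acme-challenge"
EOF

# Reports only the ispconfig.conf Alias: the commented line is ignored and
# the Alias in site.conf still points inside the webroot.
find_wellknown_overrides /var/www/html/ "$sample"
```

On a real host, pass the Apache configuration directory as the second argument; any line it prints explains why a file written under the webroot is not what Apache serves for the challenge URL.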
