Hi, I’m trying to use --webroot to authenticate a cert. I’m running ISPConfig 3.1 latest version but I don’t host sites, just use it as an email server so I only have one webroot and want to just install the certs, then symlink to them from the ispc files. I tried running:
certbot certonly --webroot -w /var/www/html/ -d mail4.domain.com
and I can see the ./well-known directory and I can browse to it online (so DNS works), but there is no acme-challenge subfolder, which I’m guessing is why the challenge fails. Should I make it manually or is it a temp thing that certbot makes?
Centos7/Apache 2.4. I have ssh and root access
Do you have an IPv6 AAAA record for your domain name?
It shouldn’t be a problem if .well-known/acme-challenge doesn’t exist at other times. But if you do create acme-challenge, and add a file /var/www/html/.well-known/acme-challenge/test.txt, can you see it in your browser at https://mail4.domain.com/.well-known/acme-challenge/test.txt?
I do not have IPv6 enabled on this server, just ip4. I can make the folder, and I can see it, but if I try and access the test.txt file, I get a forbidden error. Permissions issue or Apache issue?
I can see and browse to /.well-known folder but get:
You don’t have permission to access /.well-known/acme-challenge/ on this server.
When trying to access the acme-challenge folder.
[root@mail4 acme-challenge]# ls -a
[root@mail4 acme-challenge]# nano test.txt
[root@mail4 acme-challenge]# ls -a -lg
drwxr-xr-x 2 root 21 Aug 13 14:04 .
drwxr-xr-x 3 root 27 Aug 12 23:12 ..
-rw-r--r-- 1 root 11 Aug 13 14:04 test.txt
[root@mail4 acme-challenge]# cd ..
[root@mail4 .well-known]# ls -a -lg
drwxr-xr-x 3 root 27 Aug 12 23:12 .
drwxr-xr-x 3 root 41 Aug 12 18:17 ..
drwxr-xr-x 2 root 21 Aug 13 14:04 acme-challenge
Probably an Apache configuration issue. For example, maybe it’s set to refuse to serve paths that contain a leading dot.
Got it working. In the sites-available folder of Apache, there is an ispconfig.conf file, and somehow it had a line for an alias redirecting that .well-known folder to another usr folder, so I commented it out and it verified. Now I just need to link the certs to the ones it uses and automate it.
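The cause found above (an Alias in the Apache configuration pointing /.well-known somewhere other than the --webroot directory) can be checked for directly. The script below is an added example, not part of the thread: the function names, the sample config and its target paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Scans Apache configuration for active
# directives that remap /.well-known, which would make certbot's --webroot
# write challenge files into a directory Apache does not serve them from.

# find_wellknown_remaps PATH...
# Prints file:line:text for each uncommented Alias, AliasMatch, ScriptAlias,
# Redirect or RedirectMatch line that mentions .well-known.
# Exit status: 0 if at least one was found, 1 if none.
find_wellknown_remaps() {
    grep -rnEi \
        '^[[:space:]]*(Alias|AliasMatch|ScriptAlias|Redirect|RedirectMatch)[[:space:]].*\.well-known' \
        "$@" 2>/dev/null
}

# write_sample_conf DIR
# Writes a constructed vhost file (hypothetical target paths) for the demo.
write_sample_conf() {
    mkdir -p "$1"
    cat > "$1/ispconfig.conf" <<'EOF'
<VirtualHost *:80>
    DocumentRoot /var/www/html
    # Alias /.well-known/old /srv/placeholder/old
    Alias /.well-known/acme-challenge /usr/local/placeholder/acme-challenge
    Alias /icons /usr/share/httpd/icons
</VirtualHost>
EOF
}

# Demo on the constructed file. On a real host, pass the Apache config
# directories instead (for example /etc/httpd on CentOS).
demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir"
if find_wellknown_remaps "$demo_dir"; then
    echo "A directive remaps /.well-known: point -w at its target or remove it."
else
    echo "No remap found: check permissions and dotfile deny rules next."
fi
rm -rf "$demo_dir"
```

Commented-out lines are skipped, so a directive disabled the way the poster did it no longer shows up in the output.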