I am using KeyCDN service, where I created a subdomain and added the SSL certificate a few months backs. Recently SSL certificate of subdomain as well renewed along with domain name SSL, but from that point, KeyCDN is unable to get the original files from my server. their support as well said the issue is at my server end.
One static file from CDN which gives 403 forbidden error
https://cdn.piacademy.co.uk/wp-content/uploads/2019/12/Logo-Christmas-11-Plus-GCSE-A-Level-Best-Tutors-PiAcademy-280x53.png
Used this tool to check for ‘cdn.piacademy.co.uk ’
https://www.digicert.com/help/
which shows the certificate renewed on 13/Mar/2020 (4 days back)
and I can see this in /etc/apache2/sites-available/000-default-le-ssl.conf
not sure what happened, Really need help! Please.
Thanks
Dinesh.
1 Like
rg305
March 18, 2020, 12:07am
2
Please show output of:
certbot certificates
[presuming you used certbot
- adjust accordingly, if not]
And also the output of:
apachectl -S
1 Like
Thank you @rg305 for your reply!
ran both the commands and attached the output below.
Thanks for your help!
1 Like
rg305
March 18, 2020, 12:51am
4
There is only one cert and it has only one FQDN:
piacademy.co.uk
Your 403 error example is from another FQDN:
cdn.piacademy.co.uk
[not sure how the two are related to the problem]
The second output has an “interesting” entry:
*:80 206.189.20.100 (/etc/apache2/sites-enabled/000-default.conf:1)
I would like to see that file to better understand why an IP was used and see how it handles the challenge requests.
1 Like
yes, not sure why CDN subdomain SSL is not displayed, I am thinking due to this auto-renewal, cdn is getting 403 forbidden error or I might be wrong. Should the subdomain ssl also appear in the output?
when I checked the log files on server, less /etc/apache2/sites-available/000-default-le-ssl.conf got this response
[Tue Mar 17 06:27:48.547714 2020] [mpm_prefork:notice] [pid 1199] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal operations
[Tue Mar 17 06:27:48.547742 2020] [core:notice] [pid 1199] AH00094: Command line: '/usr/sbin/apache2'
[Tue Mar 17 06:28:09.411316 2020] [authz_core:error] [pid 24227] [client [185.172.149.65:55652](http://185.172.149.65:55652/)] AH01630: client denied by server configuration: /var/www/html/wp-content/uploads/2019/02/question-33-6.png
[Tue Mar 17 06:28:13.233596 2020] [authz_core:error] [pid 24278] [client [185.172.149.65:60178](http://185.172.149.65:60178/)] AH01630: client denied by server configuration: /var/www/html/wp-content/uploads/2018/11/Edexcel-GCSE-Maths-Higher-Paper-2-Sample.pdf, referer: https://piacademy.co.uk/gcse/maths-edexcel-past-exam-papers/
[Tue Mar 17 06:28:13.603255 2020] [authz_core:error] [pid 24280] [client [185.172.149.65:60518](http://185.172.149.65:60518/)] AH01630: client denied by server configuration: /var/www/html/favicon.ico, referer: https://cdn.piacademy.co.uk/wp-content/uploads/2018/11/Edexcel-GCSE-Maths-Higher-Paper-2-Sample.pdf
[Tue Mar 17 06:28:26.187850 2020] [authz_core:error] [pid 24223] [client [185.172.149.65:20882](http://185.172.149.65:20882/)] AH01630: client denied by server configuration: /var/www/html/wp-content/uploads/2018/11/Edexcel-GCSE-Maths-Higher-Paper-2-Sample-Mark-Scheme.pdf, referer: https://piacademy.co.uk/gcse/maths-edexcel-past-exam-papers/
[Tue Mar 17 06:28:50.296010 2020] [authz_core:error] [pid 24227] [client [185.172.149.65:49680](http://185.172.149.65:49680/)] AH01630: client denied by server configuration: /var/www/html/wp-content/uploads/2020/01/St-Albans-School-11-Plus-Maths-Entrance-Exam-Paper-2019-Question-35-300x132.png
[Tue Mar 17 06:29:10.361210 2020] [authz_core:error] [pid 24224] [client [185.172.149.65:18786](http://185.172.149.65:18786/)] AH01630: client denied by server configuration: /var/www/html/wp-content/uploads/2018/11/Edexcel-GCSE-Maths-Higher-Paper-1-Sample.pdf, referer: https://piacademy.co.uk/gcse/maths-edexcel-past-exam-papers/
[Tue Mar 17 06:29:11.041502 2020] [authz_core:error] [pid 24223] [client [185.172.149.65:19362](http://185.172.149.65:19362/)] AH01630: client denied by server configuration: /var/www/html/favicon.ico, referer: https://cdn.piacademy.co.uk/wp-content/uploads/2018/11/Edexcel-GCSE-Maths-Higher-Paper-1-Sample.pdf
[Tue Mar 17 06:29:29.754280 2020] [authz_core:error] [pid 24280] [client [185.172.149.65:43380](http://185.172.149.65:43380/)] AH01630: client denied by server configuration: /var/www/html/wp-content/uploads/2019/12/Question-03-SPaG-KS2-SATs-Papers-2017-Year-6-English-Sample-Paper-1.png
[Tue Mar 17 06:30:15.411173 2020] [authz_core:error] [pid 24224] [client [185.172.149.65:40580](http://185.172.149.65:40580/)] AH01630: client denied by server configuration: /var/www/html/wp-content/uploads/2019/09/11-Plus-Verbal-Reasoning-Codes-Practice-Paper-4-Question-01.png, referer: https://www.google.com/
[Tue Mar 17 06:30:47.037045 2020] [authz_core:error] [pid 24350] [client [185.172.149.65:21532](http://185.172.149.65:21532/)] AH01630: client denied by server configuration: /var/www/html/wp-content/cache/min/1/6e830bbce58fcd9f430bd5f89ad51916.css, referer: https://piacademy.co.uk/login-access/
Please also check this link at the side of CDN service:
https://tools.keycdn.com/performance?url=https://cdn.piacademy.co.uk/wp-content/uploads/2019/12/Logo-Christmas-11-Plus-GCSE-A-Level-Best-Tutors-PiAcademy-280x53.png
So worried, Please help!
1 Like
rg305
March 18, 2020, 1:24am
6
Not likely, as they are at completely different IP addresses:
Name: piacademy.co.uk
Address: 206.189.20.100
Name: a-us00.kxcdn.com
Addresses: 2a0b:4d07:2::2
2a0b:4d07:2::3
2a0b:4d07:2::4
2a0b:4d07:2::1
68.70.205.4
68.70.205.1
68.70.205.2
68.70.205.3
Aliases: cdn.piacademy.co.uk
piacademy-12d0c.kxcdn.com
I can't replicate the errors shown in the log.
The link shows problems from certain areas to the cdn.piacademy.co.uk
content.
Which can mean that the CDN is out-of-sync or maybe IPv6 is not providing the same results as IPv4.
Difficult to say for sure; as there are four IPv4 addresses and four IPv6 addresses involved.
And I still don't see how the two sites are related.
https://piacademy.co.uk/
https://cdn.piacademy.co.uk/
1 Like
rg305
March 18, 2020, 1:29am
7
That should have produced an entirely different output.
One I would not mind looking at.
[might help to explain why "client denied by server configuration" is occurring]
1 Like
system
Closed
April 17, 2020, 1:29am
8
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.