Certbot install breaks basic authentication on Apache2

Ok installation of certbot certificates worked like a charm on Debian 9/Apache2 thank you for this project.

We are using basic authentication for several sensitive areas of our website, and after installing the certs, authentication is then disabled, obviously, this is NOT desirable as we rely on paid access to our services for our business model.

Why is apache ignoring our previously functional directives in apache2.conf after we install??

We cannot get this up and running until this is resolved, so if anybody knows why apache is ignoring .htpasswd it would be extremely helpful, running without certs is not a good idea considering that we are using basic authentication, so we gotta get this issue resolved.

Thank you, heres the relevant part of our apache2.conf with our vhost settings. ( if that helps )

I ran this command:

certbot --apache

Do you also have the configuration generated by certbot? Or the changes it made?

It should not modify existing configurarion directives, so this sounds like a bug to me.

I just let it do its thing, default options. So I’m honestly not sure what changes it made, everything works, all my hosts, subdomains, everything, the only thing that breaks is basic authentication, making essentially every part of the website accessible to everybody. I did try something, I set my authentication options that you see there into a separate .htaccess file to see if that might fix the problem, but I tried that and it did not.

You may have had a generic port 443 server created. Try copying your sections to the new server block in your config and see if that fixes authentication.
Simply put your port 443 vhost should look like your port 80 one except for the addition of the SSL settings.

1 Like

Hmmmmm, that sounds about right, so I’m guessing this basically created a raw unconfigured vhost for port 443, ok then. So in theory I just copy my *80 config over to that new host. Ill give it a go, thanks if it doesn’t work Ill come back with my tail between my legs. :stuck_out_tongue:

Once you get the 443 one working you can turn the 80 one into a 301 redirect.

1 Like

This should be something certbot should do for you.

Can you paste the 443 virtualhost generated by certbot? And do you have other virtualhosts which may have been the template for this new virtualhost?

Oh its working, I just needed to edit /etc/apache2/sites-enabled/000-default-le-ssl.conf and change the default directory, YAY!!

You guys are amazing, Ill make sure to drop a donation in the box.

THANK YOU!! We are now encrypted!

So certbot used 000-default.conf as a template. Would that have been logical in your opinion? I.e., did 000-default.conf contain the required virtualhost too?

Congrats! but that still looks like plain text - LOL
This is encrypted: "V2UgYXJlIG5vdyBlbmNyeXB0ZWQh"

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.