Hello again and thanks for your help.
Here is my complete httpd.conf file. The virtualhost concerned is the one called "meetropole.com"httpd.txt (22.5 KB)
And my htaccess files (there are 3 in cakephp)
htaccess.txt (2.4 KB)
Hello again and thanks for your help.
Here is my complete httpd.conf file. The virtualhost concerned is the one called "meetropole.com"httpd.txt (22.5 KB)
And my htaccess files (there are 3 in cakephp)
htaccess.txt (2.4 KB)
Please quickly try this as a replacement for your config of meetropole.com in your httpd.conf file.
<VirtualHost 85.236.155.48:80>
ServerName meetropole.com
ServerAlias www.meetropole.com
DocumentRoot /home/ludoludo/public_html
ServerAdmin webmaster@meetropole.com
UseCanonicalName Off
CustomLog /usr/local/apache/domlogs/meetropole.com combined
#Add Alias For Lets Encrypt WebRoot Authentication Using ACME
AliasMatch ^/.well-known/acme-challenge/(.*)$ /home/ludoludo/public_html/.well-known/acme-challenge/$1
Alias /.well-known/acme-challenge//home/ludoludo/public_html/.well-known/acme-challenge/
<Directory "/home/ludoludo/public_html/.well-known/acme-challenge/">
Options None
AllowOverride None
ForceType text/plain
RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
</Directory>
<IfModule log_config_module>
<IfModule logio_module>
CustomLog /usr/local/apache/domlogs/meetropole.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
</IfModule>
</IfModule>
## User ludoludo # Needed for Cpanel::ApacheConf
<IfModule userdir_module>
<IfModule !mpm_itk.c>
<IfModule !ruid2_module>
UserDir disabled
UserDir enabled ludoludo
</IfModule>
</IfModule>
</IfModule>
I still have the same error message
Check the Apache error log - I wonder if you might have the same âsymlink protectionâ interfering here similar to what was happening in another thread.
Also it helps to enable rewrite logging when you have any rewrites and suspect that they are getting triggered (for example if file/dir is immediately deleted or not created, youâd be hitting the framework handler).
http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#logging
Yes, that was my next suggestion, check your logs. Something is blocking ./ or /. ⌠could be your rewrite rules in your .htaccess as @leader has suggested.
You could also, as suggested earlier on by @serverco is to disable your .htaccess file by renaming it for a little bit to old.htaccess or something like that.
Cut things out of the equation that may be causing interference with the apache config.
Also, if you are on apache 2.4 you could try and change this section of the config I sent you, just add the one line.
<Directory "/home/ludoludo/public_html/.well-known/acme-challenge/">
Options None
AllowOverride None
Require all granted
ForceType text/plain
RedirectMatch 404 â^(?!/.well-known/acme-challenge/[\w-]{43}$)â
</Directory>
i tried to disable the htaccess, the error is now a 406 instead of 404
[root@vps1128 letsencrypt]$ curl -I http://meetropole.com/.well-known/acme-challenge/test.txt HTTP/1.1 406 Not Acceptable Date: Tue, 14 Jun 2016 19:56:48 GMT Server: Apache Content-Type: text/html; charset=iso-8859-1
I tried âRequire all grantedâ, no effect
I will investigate the logs, need to see how it works
thanks
the logs are not generated, maybe because there is this virtualhost thing with a different user than the root one. grrrr Iâm getting mad, I guess I will have to pay someone from my webhosting company
Include "/usr/local/apache/conf/modsec2.conf"
...
HTTP/1.1 406 Not Acceptable
406 is usually returned by mod_security.
ModSec is a good thing by itself but you need to check its rules. You could temporarily disable it like shown below, but I'd really recommend you to check the rules before doing something like that.
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
Also check this - http://www.mickgenie.com/cpanel-how-to-disable-mod_security2-for-account-or-path/
if I do
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
curl works
[ root@vps1128 letsencrypt]$ curl -I http://meetropole.com/.well-known/acme-challenge/test.txt
HTTP/1.1 200 OK
Date: Tue, 14 Jun 2016 21:42:48 GMT
Server: Apache
Last-Modified: Sun, 12 Jun 2016 17:11:21 GMT
Accept-Ranges: bytes
Content-Length: 5
Vary: User-Agent
Content-Type: text/plain; charset=UTF-8
and if I corrupt the name of my htaccess files the error is changing for letsencrypt command ;
[root@vps1128 letsencrypt]$ ./certbot-auto certonly --agree-tos --rsa-key-size 4096 --renew-by-default -m dnsadmin@meetropole.com --webroot -w /home/ludoludo/var/www/html/ -d meetropole.com --renew-by-default --test-cert
Version: 1.1-20080819
Version: 1.1-20080819
Failed authorization procedure. meetropole.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://meetropole.com/.well-known/acme-challenge/_zkDdkOqjMpo0vaT8x9Nzb3IQL8d9rpF_PYrez7Rs8c: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: meetropole.com
Type: unauthorized
Detail: Invalid response from
http://meetropole.com/.well-known/acme-challenge/_zkDdkOqjMpo0vaT8x9Nzb3IQL8d9rpF_PYrez7Rs8c:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
There should be a related record in the Apache error log for that 404. That might give you a hint whatâs wrong (for example - symlink protection).
something like this?
[Wed Jun 15 00:08:40.663268 2016] [rewrite:trace2] [pid 22473:tid 139853102565120] mod_rewrite.c(476): [client 66.133.109.36:57341] 66.133.109.36 - - [meetropole.com/sid#9fff78][rid#7f320800eaa0/initial] init rewrite engine with requested uri /.well-known/acme-challenge/aYODGTJ5-rMxBpj_PP_zhd-QElw_r6bRSKVsG3EoEyA [Wed Jun 15 00:08:40.663337 2016] [rewrite:trace1] [pid 22473:tid 139853102565120] mod_rewrite.c(476): [client 66.133.109.36:57341] 66.133.109.36 - - [meetropole.com/sid#9fff78][rid#7f320800eaa0/initial] pass through /.well-known/acme-challenge/aYODGTJ5-rMxBpj_PP_zhd-QElw_r6bRSKVsG3EoEyA [Wed Jun 15 00:08:40.663617 2016] [rewrite:trace2] [pid 22473:tid 139853102565120] mod_rewrite.c(476): [client 66.133.109.36:57341] 66.133.109.36 - - [meetropole.com/sid#9fff78][rid#7f320800e6c0/initial/redir#1] init rewrite engine with requested uri /404.shtml [Wed Jun 15 00:08:40.663639 2016] [rewrite:trace1] [pid 22473:tid 139853102565120] mod_rewrite.c(476): [client 66.133.109.36:57341] 66.133.109.36 - - [meetropole.com/sid#9fff78][rid#7f320800e6c0/initial/redir#1] pass through /404.shtml
Try setting your Apache combined log format to.
LogFormat "%h %l %u %t \"%r\" %>s %O %b %D \"%{Referer}i\" \"%{User-Agent}i\"" combined
Then restart apache and monitor this file
/usr/local/apache/domlogs/meetropole.com
You are getting closer ⌠be careful with mod_security it can have nasty side effects if not carefully configured.
hello MitchellK,
itâs returning this, does it mean something to you?
66.133.109.36 - - [15/Jun/2016:21:25:20 +0200] âGET /.well-known/acme-challenge/v4Ac1OgZNAXxb73HB9wNRtg1-kO-0is2ZToduHs0hxI HTTP/1.1â 404 551 - 889 â-â âMozilla/5.0 (compatible; Letâs Encrypt validation server; +https://www.letsencrypt.org)â
thanks
Well now that your apache log is showing whatâs really going on, it showing you a 404 error ânot foundâ. It means your apache config is still not right and apache is blocking the location /.well-known/
I will have a look through your config file again in the morning
Got it, will have a look through it for you.
Give this a try and make sure .htaccess is disabled before you do. I have heavily commented your file so have a good look through it. Let me know if this helps at all and monitor your logs when you test again.
httpd-mk.txt (26.6 KB)
thank you for your time
I tested it and it is changing nothing
I still have a 404 error
Try this please
So check if /home/ludoludo/public_html/.well-known/acme-challenge exists
If not then
cd /home/ludoludo/public_html
mkdir .well-known
cd .well-known
mkdir acme-challenge
chmod -R www-data: /home/ludoludo/public_html
chmod -R 755 /home/ludoludo/public_html/.well-known
Then .... place a simple html file in that folder as follows
cd /home/ludoludo/public_html/.well-known/acme-challenge/
nano test.html
In that file just put the following text, save and exit
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Test HTML File</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
</head>
<body>
<p>HELLO ACME</p>
</body>
</html>
Then go to
http://www.meetropole.com/.well-known/acme-challenge/test.html
If you see the HELLO ACME then that folder no works and exists.
Delete the test file and then try your ./certbot-auto command again
we are probably closer
http://www.meetropole.com/.well-known/acme-challenge/test.html returns a 404
but if I create a directory just called acme it works
http://www.meetropole.com/.well-known/acme/test.html
something with the â-â?
`