Now I have the disagreeable situation that I do not redirect 80 to 443 but already have access control on 80. Any clue how to combine the two, allowing certbot to pass? I am asking since certbot runs into an authentication error on 80 now.
If you’re doing HTTP validation, Let’s Encrypt needs to be able to reach you on port 80 from anywhere on the Internet, at the /.well-known/acme-challenge path. If that isn’t desirable for you, look into DNS validation instead.
Exactly, this is why I posted my question. I am sure that there is a way to configure Apache like this. In case there is anybody around with a solution I will gladly use it.
This is not an option to me since it is a very painful method.
Are you using certbot’s apache authenticator or its webroot authenticator? I think the apache authenticator should be able to handle this situation automatically (provided your version of certbot isn’t too old).
If you need to use the webroot authenticator for some reason, you might try whitelisting the /.well-known/acme-challenge path so that it doesn’t require a password. The following works for me:
<Location /.well-known/acme-challenge>
    Require all granted
</Location>
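For context, here is how that exemption sits next to password protection on port 80. This is an added example, not taken from any of the posts above; the hostname, document root, realm name and password file path are assumed placeholders.

```apache
# Added example: all names and paths below are assumed placeholders.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/html

    # Existing access control: everything served on port 80 needs a login.
    <Directory /var/www/html>
        AuthType Basic
        AuthName "Restricted"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Directory>

    # Exemption for HTTP-01 validation only. <Location> sections are merged
    # after <Directory> sections, so this Require replaces "valid-user" for
    # URLs under this prefix and leaves every other path protected.
    # If the password rule lives in a <Location /> block instead, this block
    # must appear after it, because <Location> sections apply in file order.
    <Location /.well-known/acme-challenge>
        Require all granted
        # The directory only ever holds short-lived token files; do not list it.
        Options -Indexes
    </Location>
</VirtualHost>
```

After `apachectl configtest` and a reload, an unauthenticated request for a test file placed under `/.well-known/acme-challenge/` should return 200, while an unauthenticated request for `/` should still return 401.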
Yeah, I am using the webroot authenticator. Wonderful solution which appears not to be too difficult, but I am obviously not an Apache guru. Anyways, this was exactly what I was looking for and it works perfectly. Thanks a lot for helping me out of my misery and have a great day!!