.htaccess blocking renewal of Let's Encrypt certificate on Cloudways

MikaelMortensen · August 28, 2017, 8:34am

Hi,

I have an issue with my .htaccess blocking the renewal of the Let’s Encrypt certificate.

My site is hosted at Cloudways, and they have told me, that the .htacces is at fault. If I rename the .htaccess, the renewal works fine.

The site is https://babyfryd.dk/ and is based on Prestashop.

My .htaccess is inserted below.

Can you please help me with changing my .htaccess?

Best regards and thanks,

Mikael

# ~~start~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again
# .htaccess automaticaly generated by PrestaShop e-commerce open-source solution
# http://www.prestashop.com - http://www.prestashop.com/forums

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

<IfModule mod_rewrite.c>
<IfModule mod_env.c>
SetEnv HTTP_MOD_REWRITE On
</IfModule>

RewriteEngine on


#Domain: babyfryd.dk
RewriteRule . - [E=REWRITEBASE:/]
RewriteRule ^api$ api/ [L]

RewriteRule ^api/(.*)$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]

# Images
RewriteRule ^([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$1$2$3.jpg [L]
RewriteRule ^([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$1$2$3$4.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$1$2$3$4$5.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg [L]
RewriteRule ^c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2$3.jpg [L]
RewriteRule ^c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2.jpg [L]
# AlphaImageLoader for IE and fancybox
RewriteRule ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 [L]

# Dispatcher
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ %{ENV:REWRITEBASE}index.php [NC,L]
</IfModule>

AddType application/vnd.ms-fontobject .eot
AddType font/ttf .ttf
AddType font/otf .otf
AddType application/x-font-woff .woff
<IfModule mod_headers.c>
	<FilesMatch "\.(ttf|ttc|otf|eot|woff|svg)$">
		Header add Access-Control-Allow-Origin "*"
	</FilesMatch>
</IfModule>

<IfModule mod_expires.c>
	ExpiresActive On
	ExpiresByType image/gif "access plus 1 month"
	ExpiresByType image/jpeg "access plus 1 month"
	ExpiresByType image/png "access plus 1 month"
	ExpiresByType text/css "access plus 1 week"
	ExpiresByType text/javascript "access plus 1 week"
	ExpiresByType application/javascript "access plus 1 week"
	ExpiresByType application/x-javascript "access plus 1 week"
	ExpiresByType image/x-icon "access plus 1 year"
	ExpiresByType image/svg+xml "access plus 1 year"
	ExpiresByType image/vnd.microsoft.icon "access plus 1 year"
	ExpiresByType application/font-woff "access plus 1 year"
	ExpiresByType application/x-font-woff "access plus 1 year"
	ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
	ExpiresByType font/opentype "access plus 1 year"
	ExpiresByType font/ttf "access plus 1 year"
	ExpiresByType font/otf "access plus 1 year"
	ExpiresByType application/x-font-ttf "access plus 1 year"
	ExpiresByType application/x-font-otf "access plus 1 year"
</IfModule>

<IfModule mod_headers.c>
	Header unset Etag
</IfModule>
FileETag none
<IfModule mod_deflate.c>
	<IfModule mod_filter.c>
		AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/x-javascript font/ttf application/x-font-ttf font/otf application/x-font-otf font/opentype
	</IfModule>
</IfModule>

#If rewrite mod isn't enabled
ErrorDocument 404 /index.php?controller=404

# ~~end~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again

#Force non-www:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.babyfryd\.dk [NC]
RewriteRule ^(.*)$ https://babyfryd.dk/$1 [L,R=301]
 
#RewriteEngine On
#RewriteCond %{SERVER_PORT} 80
#RewriteRule ^(.*)$ https://babyfryd.dk/$1 [R=301,L]

mkwm · August 28, 2017, 9:59pm

I’ve tried your .htaccess file on my server and I think it shouldn’t interfere with certificate issuance or renewal using http-01 method (which I believe is what they are using, if you mention issues with .htaccess); 3 lines below # Dispatcher comment should suppress any rewrites for already existing files. It would help if you can share what exact error message they get when they try to renew your certificate.

Can you check whether you have .well-known/acme-challenge directory under document root specified for your domain (probably it’s the same directory where .htaccess file is located)? Try to create some file there with dummy contents and then access it using browser (for example: http://babyfryd.dk/.well-known/acme-challenge/test).

MikaelMortensen · August 29, 2017, 7:35am

Hi mkwm,

Thanks for replying to my post.

I've just tried to renew the certificate again, but just got the reply, that "An unexpected error occured". The excact error is probably hidden by Cloudways. But yesterday I chatted with their support, and they told me it was due to the .htaccess file.

I do not have a .well-known/acme-challenge directory where the .htaccess is placed.

I've found this reply in another similar topic, but am not sure if a similar solution will work for me. My knowledge in .htaccess is not too good.

If you add in your drupal .htaccess just above

RewriteRule "(^|/)." - [F]

the following rule:
RewriteRule "^.well-known/acme-challenge" - [L]

Then automated letsencrypt works on our cPanel install.s

And once again; thanks for helping out!

Best regards,

Mikael

mkwm · August 29, 2017, 8:06am

Hmm... If there isn't .well-known/acme-challenge directory inside your document root, then maybe Cloudways is using some specific configuration to handle requests for this path - which indeed can be affected by mod_rewrite rules.

I believe that putting:

before PrestaShop generated section can do the trick.

MikaelMortensen · August 29, 2017, 8:26am

It works!

Thanks a million for your effort…

Have a nice day.

Best regards,

Mikael

system · September 28, 2017, 8:26am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.