Let's Encrypt not installing on domain

Hey All;

I am using a licensed DirectAdmin panel. I host deryakursunsatis.com and I am trying to install a free Let's Encrypt SSL certificate on the domain.

But it always gives an error. I click the tab at DirectAdmin > SSL Certificates > Free & automatic certificate from Let's Encrypt

and after that this error is shown:

COULD NOT EXECUTE YOUR REQUEST

Challenge pre-checks for http://deryakursunsatis.com/.well-known/acme-challenge/letsencrypt_1604927974 failed... Command: /usr/local/bin/curl --connect-timeout 40 -k --silent --resolve deryakursunsatis.com:80:84.54.12.159 --resolve deryakursunsatis.com:443:84.54.12.159 -I -L -X GET http://deryakursunsatis.com/.well-known/acme-challenge/letsencrypt_1604927974 Exiting.

What must I do to solve this?

Hi @mkartalaydin

Check that URL. There is a

Forbidden

You don't have permission to access this resource.Server unable to read htaccess file, denying access to be safe

You must allow file access in /.well-known/acme-challenge.

Change that.

There is no file in that folder.
It is empty, sir.

Also, there were no .well-known and acme-challenge folders in public_html.
I created them manually!
Must I change the folder permissions to 777?

That's good.

Create the two subdirectories, then a test file there (file name 1234, without extension), then try to load that file via

http://deryakursunsatis.com/.well-known/acme-challenge/1234

That must work.

https://deryakursunsatis.com/.well-known/acme-challenge/1234.html

I created 1234.html but still no access

Forbidden

You don't have permission to access this resource.Server unable to read htaccess file, denying access to be safe

[Mon Nov 09 17:16:08.197327 2020] [core:crit] [pid 20158:tid 140606139094784] (13)Permission denied: [client 212.156.135.38:57871] AH00529: /var/www/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/' is executable

This is what is written in the error log file.

What are the permissions of:

  • /var/www/.well-known
  • /var/www/.well-known/acme-challenge
  • /var/www/.well-known/acme-challenge/1234.html

Do you have an .htaccess file in:

  • /var/www
  • /var/www/.well-known
  • /var/www/.well-known/acme-challenge

You use DirectAdmin.

So DirectAdmin may manage these rights.

Check the DirectAdmin documentation for an option to change these directory rights.

any .htaccess file in these folders

I'm not exactly sure from where the last error message you posted came, but it seemed to indicate the presence of a .htaccess file in your webroot (/var/www). The usage of this hidden file is fairly common. Juergen has made a good observation about DirectAdmin possibly managing permissions (and likely .htaccess files) for you.

You want /var/www, /var/www/.well-known, and /var/www/.well-known/acme-challenge to at least have 711 permissions, but 755 permissions are better. You want 1234.html to have 644 permissions.

The strict permissions for /var/www might explain why your website is currently returning a 503 error.

There might be other issues too:

Maybe 644.

You were asked to create 1234 not 1234.html

That seems to be a group membership permissions problem.

Those are terrible permissions for a directory. No one could access files in the directory!

Do you even know what 644 means?
-rw-r--r-- = 644
-rwxrwxrwx = 777

Read and write (6), read (4), but no execute.

I don't see that played out in the field.

If the world (others) doesn't have the execute permission, how will they access files in the folder? Am I wrong here?

OK, I see:
for directories:
drwxr-xr-x = 755
for files:
-rw-r--r-- = 644

BUT NEVER 777

Exactly. I get this lost in my head often too. The difference in the execute permission between files and folders is weird.

Yeah execute there does seem a bit misused.

I feel like it was a kludge to keep the bit scheme the same. Calling it "access" instead of "execute" is more logical for folders.
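
Added example, not part of the thread: a POSIX shell audit of the modes discussed above (711/755 on directories, 644 on files, never 777) along the path Apache walks to serve a challenge file, including any .htaccess it has to read on the way. It assumes the web server user is neither owner nor group member of the files, so only the "other" permission triplet matters; the function names are made up for this sketch.

```sh
#!/bin/sh
# Added example, not from the thread. Assumption: the web server user is
# neither owner nor group member, so the "other" triplet from `ls -ld` applies.

# check_mode PATH: prints one finding; status 0 if acceptable, 1 otherwise.
# The ( ) body runs in a subshell, so variables stay local and exit = return.
check_mode() (
    path=$1
    [ -e "$path" ] || { echo "MISSING $path"; exit 1; }
    perms=$(ls -ld -- "$path" | cut -c1-10)        # e.g. drwxr-xr-x
    other=$(printf '%s' "$perms" | cut -c8-10)     # e.g. r-x
    case $other in
        ?w?) echo "WORLD_WRITABLE $perms $path"; exit 1 ;;  # 777-style modes
    esac
    if [ -d "$path" ]; then
        # Directories need x (search) to be traversed: 711 minimum, 755 usual.
        case $other in
            ??[xt]) ;;
            *) echo "NO_TRAVERSE $perms $path"; exit 1 ;;
        esac
    else
        # Files only need r (644); x is irrelevant for static content.
        case $other in
            r??) ;;
            *) echo "NO_READ $perms $path"; exit 1 ;;
        esac
    fi
    echo "OK $perms $path"
)

# audit_challenge_path WEBROOT RELATIVE_FILE: checks WEBROOT, each directory
# on the way down, any .htaccess found in them, and finally the file itself.
audit_challenge_path() (
    current=$1
    rc=0
    check_mode "$current" || rc=1
    old_ifs=$IFS; IFS=/; set -f        # split $2 on "/", no globbing
    for part in $2; do
        IFS=$old_ifs
        if [ -f "$current/.htaccess" ]; then
            check_mode "$current/.htaccess" || rc=1
        fi
        current=$current/$part
        check_mode "$current" || rc=1
    done
    exit "$rc"
)

# Usage: sh audit.sh /var/www .well-known/acme-challenge/1234
if [ "$#" -eq 2 ]; then audit_challenge_path "$1" "$2"; fi
```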