Hi Guys.
I have one website which had a .htpasswd protection so users have to authenticate to view the page.
This all worked fine with none https
After i've installed Letsencypt although the HTTPS works fine, no problems there it is ignoring the .htpasswd and anybody can view the site which is not good.
The 000-default-le-ssl.conf and 000-default.conf are almost the same bar the ssl additions LE made.
000-default-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName ..com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
<files xmlrpc.php>
order allow,deny
deny from any
</files>
SSLCertificateFile /etc/letsencrypt/live/***.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/***.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
000-default.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName [***.com]()
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
<files xmlrpc.php>
order allow,deny
deny from any
</files>
RewriteEngine on
RewriteCond %{SERVER_NAME} =***.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Note - If i change the AllowOveride to None on the SSL conf the password protection does work, however then none of my permalinks and articles DO.
Im new to Letsencrypt and my installation was just the defaults. Other than this password protection being ignored in SSL everything else is working great.
I did find the below thread:
However the solution does not seem clear as my directories in the conf files are correct?
Thanks in advance.