Only one seen.
Please show:
find /etc/apache2 -name .htaccess
# cat /etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
What about router port forwarding mix up?
It almost seems like we aren't reaching that http VirtualHost
There are none in the /etc tree, in the /var/www tree,
# cat /var/www/TheveninsKeep.com/html/.htaccess
AddHandler application/x-httpd-php .php .php5 .html .htm
Let me know once that's done [and Apache has been restarted]
completed, restarted, no errors on start
That would definitely do this!
Let's have a look at the NAT table.
yahtzee
website Port-Remap 80 80 TCP or UDP eth0.v2102 192.168.1.21 443
website-ssl Port-Remap 443 443 TCP or UDP eth0.v2102 192.168.1.21 443
Rule changed
website-ssl Port-Remap 443 443 TCP or UDP eth0.v2102 192.168.1.21 443
website Port-Remap 80 80 TCP or UDP eth0.v2102 192.168.1.21 80
B I N G O !
Now we're getting somewhere:
curl http://theveninskeep.com/.well-known/acme-challenge/Test_File-1234
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at theveninskeep.com Port 80</address>
</body></html>
No more 400 - now 404 ! ! !
cert renew success, conf changed back
I'd think twice about that.
It's back to the
<VirtualHost *:80>
#ServerAdmin admin@TheveninsKeep.com
ServerName TheveninsKeep.com
DocumentRoot /var/www/TheveninsKeep.com/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
#<Directory "/var/www/TheveninsKeep.com/html">
# AuthType Basic
# AuthName "Restricted Content"
# AuthUserFile /var/www/TheveninsKeep.com/passwords
# Require valid-user
#</Directory>
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]
RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI}
</VirtualHost>
I did a dry-run again after renew just to check and it returned success
That is a bad idea if you intend on securing that same directory via HTTPS and authenticated logins.
If you come through the front door - a key is required
If you come through the back door - well come on in!
that was my original thought. So just leave it as testfile?
I would make a completely separate path - dedicated to only the challenge requests.
But I'm the paranoid type - Who said that?
not it, but thanks for the pointer. The root is now pointed to a very pointed message.
I believe this was my thought process when I made that router change lol. back door, what back door, go around
Totally agree! But, doesn't the apache plug-in do that for them as part of the temp changes?
_az (a certbot dev) recently described the temp changes in the linked thread. I haven't set up a test myself to verify but he should know.
OH. Super glad you found the culprit !
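
The port-forward mix-up found in this thread can be checked for mechanically. The following is an added example, not code from any poster: the column order of the router listing and the names `parse_rows` and `audit` are assumptions, and the sample rows are the ones quoted above.

```python
import re

# Rows as quoted in the thread, before and after the rule change.
BEFORE = """\
website Port-Remap 80 80 TCP or UDP eth0.v2102 192.168.1.21 443
website-ssl Port-Remap 443 443 TCP or UDP eth0.v2102 192.168.1.21 443
"""
AFTER = """\
website-ssl Port-Remap 443 443 TCP or UDP eth0.v2102 192.168.1.21 443
website Port-Remap 80 80 TCP or UDP eth0.v2102 192.168.1.21 80
"""

# Assumed column order (the router output is unlabelled):
# name, type, external start, external end, protocol, interface, LAN IP, LAN port
ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<type>\S+)\s+(?P<ext_start>\d+)\s+(?P<ext_end>\d+)\s+"
    r"(?P<proto>TCP or UDP|TCP|UDP)\s+(?P<iface>\S+)\s+(?P<ip>\S+)\s+(?P<lan_port>\d+)$"
)
# From ports.conf on the page: Apache listens for plain HTTP on 80 and TLS on 443.
HTTP_PORT, TLS_PORT = 80, 443


def parse_rows(text):
    """Parse the router's port-forward listing into dicts; reject unknown rows."""
    rules = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = ROW.match(line)
        if m is None:
            raise ValueError(f"unrecognised NAT row: {line!r}")
        rule = m.groupdict()
        for key in ("ext_start", "ext_end", "lan_port"):
            rule[key] = int(rule[key])
        rules.append(rule)
    return rules


def audit(rules):
    """Return findings for forwards that break HTTP-01 or cross HTTP/TLS listeners."""
    findings = []
    for ext, label in ((HTTP_PORT, "plain HTTP"), (TLS_PORT, "TLS")):
        hits = [r for r in rules if r["ext_start"] <= ext <= r["ext_end"]]
        if not hits and ext == HTTP_PORT:
            findings.append("no forward for external port 80: HTTP-01 cannot reach Apache")
        for r in hits:
            if r["lan_port"] != ext:
                findings.append(
                    f"{r['name']}: external {ext} ({label}) lands on LAN port {r['lan_port']}, expected {ext}"
                )
    return findings
```

Run against `BEFORE`, `audit` reports the `website` rule; against `AFTER` it reports nothing.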