[Webroot] Problem server denying access to .files (hidden files)


#1

I tried to issue a number of certificates for .com and .pl domains. All parameters, etc. are the same, just the TLDs are different:
.com TLD works fine,
.pl TLD fails.

see more:
.pl TLD

# ./letsencrypt-auto certonly -a webroot --agree-tos --renew-by-default --webroot-path=(path)(domain).pl/ -d (domain).pl
Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly -a webroot --agree-tos --renew-by-default --webroot-path=(path)(domain).pl/ -d (domain).pl
Failed authorization procedure. domain.pl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://(domain).pl/.well-known/acme-challenge/(hash) [(IP)]: 403

IMPORTANT NOTES:
 - The following 'urn:acme:error:unauthorized' errors were reported by
   the server:

   Domains: (domain).pl
   Error: The client lacks sufficient authorization

.com TLD

# ./letsencrypt-auto certonly -a webroot --agree-tos --renew-by-default --webroot-path=(path)(domain).com/ -d (domain).com
Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly -a webroot --agree-tos --renew-by-default --webroot-path=(path)(domain).com/ -d (domain).com

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/(domain).com/fullchain.pem. Your cert will
   expire on 2016-04-09. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.
 - If you like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Any clues?


#2

This must mean that HTTP access to .com and .pl is somehow handled differently on your end. Check your HTTP server config.

Edit: Specifically, your server replies with Access denied (403) on the .pl domain.


#3

Thank you.

The culprit was server settings to deny access to hidden files (.files).