.htaccess RWengine Fails LetsEncrypt

NethServer Version: 7.7
Module: web-server(htaccess), certificates(letsencrypt)

I have a .htaccess in /var/www/html containing:

php_flag display_errors on

When I try to request a cert using cockpit it succeeds.
But, when I add either of the following, it fails:

RewriteEngine On

RewriteRule /\.|^\.(?!well-known/) - [END]

(This is to keep from rewriting LE)

How come?

(note: the .htaccess itself is not the problem)

@support_team
Can somebody help here?

The following should work with LE:

php_flag display_errors on

RewriteEngine on
# In .htaccess (per-directory) context the pattern is tested against the path
# with the directory prefix removed, so it must not start with a slash.
RewriteRule ^\.well-known/ - [L]

Not working
Validation failed: Challenge failed for this domain(s)

Could this have something to do with it?:

In Apache 2.4 every global option is inherited by all virtual hosts, except for the Rewrite directives.

Could you please share your /var/www/html/.htaccess and what you want to achieve with it or which software it comes from?

I don’t think so.

/var/www/html/.htaccess

RewriteEngine on
# Per-directory patterns never see a leading slash; the dot is escaped so it
# matches literally rather than any character.
RewriteRule ^\.well-known/ - [L]
php_flag display_errors on
#RewriteCond %{HTTPS} off
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

This fails LE.

From no software. I use pure HTML/CSS/JS, PHP and .htaccess. No Bootstrap, jQuery, WP or other bs.

For now I want to be able to redirect HTTP to SSL, but later I want to do some URL rewrites, e.g. /dir → Some other dir/index?something. But to do this I must have LE not fail at simply turning on mod_rewrite.
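Whether a `.well-known` exemption actually shields the ACME challenge path from a later HTTP-to-HTTPS redirect can be checked without a web server. The script below is an added illustration written for this thread, not Apache code and not from any poster: a small model of mod_rewrite's per-directory evaluation (the directory prefix is stripped before the pattern is tested, `-` means no substitution, `[L]`/`[END]` stop the chain). It runs the opening post's rule and the `.well-known` exemption, with and without a leading slash, ahead of the commented-out redirect from the posted `.htaccess` as if it were enabled. The host name and the token path are constructed.

```python
import re

# Added model of Apache mod_rewrite evaluation in per-directory (.htaccess)
# context. Not Apache code: it reproduces only the behaviours that matter
# here. Host and paths are constructed samples.


def per_directory_subject(request_path, htaccess_dir="/"):
    """String a .htaccess RewriteRule pattern is tested against.

    Apache removes the prefix that led it to the .htaccess directory, so
    '/.well-known/x' is tested as '.well-known/x' (no leading slash) when
    the .htaccess sits in DocumentRoot.
    """
    if not request_path.startswith(htaccess_dir):
        raise ValueError("request is outside the .htaccess directory")
    return request_path[len(htaccess_dir):]


def expand(substitution, host, request_path):
    """Expand the two server variables used by the redirect rule in the thread."""
    return (substitution
            .replace("%{HTTP_HOST}", host)
            .replace("%{REQUEST_URI}", request_path))


def evaluate(rules, request_path, host="example.test"):
    """Walk the rule chain once.

    rules: list of (pattern, substitution, flags) as written in .htaccess.
    Returns (indexes of rules that matched, final target); the target is
    None for a pass-through and the expanded substitution when a rule
    rewrote or redirected the request.
    """
    subject = per_directory_subject(request_path)
    matched, target = [], None
    for idx, (pattern, substitution, flags) in enumerate(rules):
        if not re.search(pattern, subject):
            continue
        matched.append(idx)
        if substitution != "-":
            target = expand(substitution, host, request_path)
        if "L" in flags or "END" in flags:
            break
    return matched, target


# The http->https redirect from the posted .htaccess, enabled.
REDIRECT = (r"(.*)", "https://%{HTTP_HOST}%{REQUEST_URI}", ("R", "L"))
CHALLENGE = "/.well-known/acme-challenge/TOKEN"   # constructed token path

# Exemption written with a leading slash: the subject never starts with '/'.
LEADING_SLASH = [(r"^/\.well-known/", "-", ("L",)), REDIRECT]
# Exemption without the slash.
NO_LEADING_SLASH = [(r"^\.well-known/", "-", ("L",)), REDIRECT]
# The opening post's rule, followed by the same redirect.
ORIGINAL = [(r"/\.|^\.(?!well-known/)", "-", ("END",)), REDIRECT]


def challenge_is_exempt(rules):
    """True when the ACME challenge path leaves the chain untouched."""
    _, target = evaluate(rules, CHALLENGE)
    return target is None


if __name__ == "__main__":
    for name, chain in (("leading slash", LEADING_SLASH),
                        ("no leading slash", NO_LEADING_SLASH),
                        ("original", ORIGINAL)):
        print(f"{name:17} challenge -> {evaluate(chain, CHALLENGE)}")
        print(f"{name:17} /index.php -> {evaluate(chain, '/index.php')}")
```

Only the slash-free exemption lets the challenge path through untouched; with a leading slash the exemption never matches and the redirect fires, and the opening post's rule exempts other dotfiles (for example `/.git/config`) but not `.well-known`, so the challenge is redirected there too.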

Sorry, I can’t reproduce. When I use your .htaccess file as you posted it I can get certs without a problem.

Maybe you find more information in /var/log/letsencrypt/letsencrypt.log

Blind shot: Do you have a geoblocking firewall or some other software that blocks LE validation in some cases?

/var/log/letsencrypt/letsencrypt.log

2020-04-11 13:00:00,012:DEBUG:urllib3.connectionpool:“POST /acme/authz-v3/48672188 HTTP/1.1” 200 808
2020-04-11 13:00:00,013:DEBUG:acme.client:Received response:
HTTP 200
content-length: 808
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:04 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“identifier”: {
“type”: “dns”,
“value”: “me.domain.tld”
},
“status”: “pending”,
“expires”: “[censored]”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672188/GOOx9Q”,
“token”: “[censored]”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672188/3d9nCw”,
“token”: “[censored]”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672188/_l95rA”,
“token”: “[censored]”
}
]
}
2020-04-11 13:00:00,013:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,014:DEBUG:acme.client:JWS payload:

2020-04-11 13:00:00,017:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672189:
{
“protected”: “[censored]”,
“payload”: “”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,160:DEBUG:urllib3.connectionpool:“POST /acme/authz-v3/48672189 HTTP/1.1” 200 805
2020-04-11 13:00:00,161:DEBUG:acme.client:Received response:
HTTP 200
content-length: 805
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:05 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“identifier”: {
“type”: “dns”,
“value”: “domain.tld”
},
“status”: “pending”,
“expires”: “[censored]”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672189/HV6Rpw”,
“token”: “[censored]”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672189/Y17bzw”,
“token”: “[censored]”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672189/03WjVA”,
“token”: “[censored]”
}
]
}
2020-04-11 13:00:00,162:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,162:DEBUG:acme.client:JWS payload:

2020-04-11 13:00:00,165:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672190:
{
“protected”: “[censored]”,
“payload”: “”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,309:DEBUG:urllib3.connectionpool:“POST /acme/authz-v3/48672190 HTTP/1.1” 200 808
2020-04-11 13:00:00,310:DEBUG:acme.client:Received response:
HTTP 200
content-length: 808
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:05 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“identifier”: {
“type”: “dns”,
“value”: “s2.domain.tld”
},
“status”: “pending”,
“expires”: “[censored]”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672190/rebAEA”,
“token”: “[censored]”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672190/fOmdnw”,
“token”: “[censored]”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672190/I2ULtQ”,
“token”: “[censored]”
}
]
}
2020-04-11 13:00:00,310:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,311:DEBUG:acme.client:JWS payload:

2020-04-11 13:00:00,314:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672191:
{
“protected”: “[censored]”,
“payload”: “”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,457:DEBUG:urllib3.connectionpool:“POST /acme/authz-v3/48672191 HTTP/1.1” 200 809
2020-04-11 13:00:00,458:DEBUG:acme.client:Received response:
HTTP 200
content-length: 809
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:05 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“identifier”: {
“type”: “dns”,
“value”: “www.domain.tld”
},
“status”: “pending”,
“expires”: “[censored]”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672191/_EnmrA”,
“token”: “[censored]”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672191/lHq7Og”,
“token”: “[censored]”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672191/65OxGg”,
“token”: “[censored]”
}
]
}
2020-04-11 13:00:00,459:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,459:INFO:certbot._internal.auth_handler:Performing the following challenges:
2020-04-11 13:00:00,460:INFO:certbot._internal.auth_handler:http-01 challenge for autodiscover.domain.tld
2020-04-11 13:00:00,460:INFO:certbot._internal.auth_handler:http-01 challenge for cloud.domain.tld
2020-04-11 13:00:00,460:INFO:certbot._internal.auth_handler:http-01 challenge for mail.domain.tld
2020-04-11 13:00:00,460:INFO:certbot._internal.auth_handler:http-01 challenge for me.domain.tld
2020-04-11 13:00:00,461:INFO:certbot._internal.auth_handler:http-01 challenge for domain.tld
2020-04-11 13:00:00,461:INFO:certbot._internal.auth_handler:http-01 challenge for s2.domain.tld
2020-04-11 13:00:00,461:INFO:certbot._internal.auth_handler:http-01 challenge for www.domain.tld
2020-04-11 13:00:00,461:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/html for all unmatched domains.
2020-04-11 13:00:00,461:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2020-04-11 13:00:00,462:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2020-04-11 13:00:00,462:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2020-04-11 13:00:00,462:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2020-04-11 13:00:00,462:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2020-04-11 13:00:00,462:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2020-04-11 13:00:00,463:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/html/.well-known/acme-challenge
2020-04-11 13:00:00,469:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/[censored][censored][censored]
2020-04-11 13:00:00,473:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/[censored][censored][censored]
2020-04-11 13:00:00,477:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/[censored][censored][censored]
2020-04-11 13:00:00,482:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/[censored][censored][censored]
2020-04-11 13:00:00,486:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/[censored][censored][censored][censored]
2020-04-11 13:00:00,490:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/[censored][censored][censored]
2020-04-11 13:00:00,494:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/html/.well-known/acme-challenge/[censored][censored][censored]
2020-04-11 13:00:00,495:INFO:certbot._internal.auth_handler:Waiting for verification…
2020-04-11 13:00:00,495:DEBUG:acme.client:JWS payload:
{
“type”: “http-01”,
“resource”: “challenge”
}
2020-04-11 13:00:00,499:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672185/RCmHpw:
{
“protected”: “[censored]”,
“payload”: “ewogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,644:DEBUG:urllib3.connectionpool:“POST /acme/chall-v3/48672185/RCmHpw HTTP/1.1” 200 191
2020-04-11 13:00:00,645:DEBUG:acme.client:Received response:
HTTP 200
content-length: 191
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672185;rel=“up”
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672185/RCmHpw
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:05 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672185/RCmHpw”,
“token”: “[censored]”
}
2020-04-11 13:00:00,645:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,646:DEBUG:acme.client:JWS payload:
{
“type”: “http-01”,
“resource”: “challenge”
}
2020-04-11 13:00:00,649:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672186/_mmcFA:
{
“protected”: “[censored]”,
“payload”: “ewogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,794:DEBUG:urllib3.connectionpool:“POST /acme/chall-v3/48672186/_mmcFA HTTP/1.1” 200 191
2020-04-11 13:00:00,795:DEBUG:acme.client:Received response:
HTTP 200
content-length: 191
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672186;rel=“up”
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672186/_mmcFA
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:05 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672186/_mmcFA”,
“token”: “[censored]”
}
2020-04-11 13:00:00,795:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,796:DEBUG:acme.client:JWS payload:
{
“type”: “http-01”,
“resource”: “challenge”
}
2020-04-11 13:00:00,799:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672187/hOzVuQ:
{
“protected”: “[censored]”,
“payload”: “ewogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,946:DEBUG:urllib3.connectionpool:“POST /acme/chall-v3/48672187/hOzVuQ HTTP/1.1” 200 191
2020-04-11 13:00:00,947:DEBUG:acme.client:Received response:
HTTP 200
content-length: 191
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672187;rel=“up”
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672187/hOzVuQ
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:05 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672187/hOzVuQ”,
“token”: “[censored]”
}
2020-04-11 13:00:00,947:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,948:DEBUG:acme.client:JWS payload:
{
“type”: “http-01”,
“resource”: “challenge”
}
2020-04-11 13:00:00,951:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672188/GOOx9Q:
{
“protected”: “[censored]”,
“payload”: “ewogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,096:DEBUG:urllib3.connectionpool:“POST /acme/chall-v3/48672188/GOOx9Q HTTP/1.1” 200 191
2020-04-11 13:00:00,097:DEBUG:acme.client:Received response:
HTTP 200
content-length: 191
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672188;rel=“up”
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672188/GOOx9Q
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:06 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672188/GOOx9Q”,
“token”: “[censored]”
}
2020-04-11 13:00:00,097:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,098:DEBUG:acme.client:JWS payload:
{
“type”: “http-01”,
“resource”: “challenge”
}
2020-04-11 13:00:00,101:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672189/HV6Rpw:
{
“protected”: “[censored]”,
“payload”: “ewogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,246:DEBUG:urllib3.connectionpool:“POST /acme/chall-v3/48672189/HV6Rpw HTTP/1.1” 200 191
2020-04-11 13:00:00,247:DEBUG:acme.client:Received response:
HTTP 200
content-length: 191
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672189;rel=“up”
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672189/HV6Rpw
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:06 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672189/HV6Rpw”,
“token”: “[censored]”
}
2020-04-11 13:00:00,247:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,247:DEBUG:acme.client:JWS payload:
{
“type”: “http-01”,
“resource”: “challenge”
}
2020-04-11 13:00:00,251:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672190/rebAEA:
{
“protected”: “[censored]”,
“payload”: “ewogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,398:DEBUG:urllib3.connectionpool:“POST /acme/chall-v3/48672190/rebAEA HTTP/1.1” 200 191
2020-04-11 13:00:00,398:DEBUG:acme.client:Received response:
HTTP 200
content-length: 191
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672190;rel=“up”
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672190/rebAEA
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:06 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672190/rebAEA”,
“token”: “[censored]”
}
2020-04-11 13:00:00,399:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,399:DEBUG:acme.client:JWS payload:
{
“type”: “http-01”,
“resource”: “challenge”
}
2020-04-11 13:00:00,402:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672191/_EnmrA:
{
“protected”: “[censored]”,
“payload”: “ewogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,548:DEBUG:urllib3.connectionpool:“POST /acme/chall-v3/48672191/_EnmrA HTTP/1.1” 200 191
2020-04-11 13:00:00,549:DEBUG:acme.client:Received response:
HTTP 200
content-length: 191
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672191;rel=“up”
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672191/_EnmrA
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:06 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672191/_EnmrA”,
“token”: “[censored]”
}
2020-04-11 13:00:00,549:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,551:DEBUG:acme.client:JWS payload:

2020-04-11 13:00:00,554:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672185:
{
“protected”: “[censored]”,
“payload”: “”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,042:DEBUG:urllib3.connectionpool:“POST /acme/authz-v3/48672185 HTTP/1.1” 200 1258
2020-04-11 13:00:00,043:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1258
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:07 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“identifier”: {
“type”: “dns”,
“value”: “autodiscover.domain.tld”
},
“status”: “invalid”,
“expires”: “[censored]”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from http://autodiscover.domain.tld/.well-known/acme-challenge/[censored][censored][censored] [00.000.00.000]: "\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eForbidden\u003c/h1\u003e\n\u003cp"”,
“status”: 403
},
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672185/RCmHpw”,
“token”: “[censored]”,
“validationRecord”: [
{
“url”: “http://autodiscover.domain.tld/.well-known/acme-challenge/[censored][censored][censored]”,
“hostname”: “autodiscover.domain.tld”,
“port”: “80”,
“addressesResolved”: [
“00.000.00.000”
],
“addressUsed”: “00.000.00.000”
}
]
}
]
}
2020-04-11 13:00:00,043:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,044:DEBUG:acme.client:JWS payload:

2020-04-11 13:00:00,047:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672186:
{
“protected”: “[censored]”,
“payload”: “”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,191:DEBUG:urllib3.connectionpool:“POST /acme/authz-v3/48672186 HTTP/1.1” 200 1230
2020-04-11 13:00:00,192:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1230
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:08 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“identifier”: {
“type”: “dns”,
“value”: “cloud.domain.tld”
},
“status”: “invalid”,
“expires”: “[censored]”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from http://cloud.domain.tld/.well-known/acme-challenge/[censored][censored][censored] [00.000.00.000]: "\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eForbidden\u003c/h1\u003e\n\u003cp"”,
“status”: 403
},
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672186/_mmcFA”,
“token”: “[censored]”,
“validationRecord”: [
{
“url”: “http://cloud.domain.tld/.well-known/acme-challenge/[censored][censored][censored]”,
“hostname”: “cloud.domain.tld”,
“port”: “80”,
“addressesResolved”: [
“00.000.00.000”
],
“addressUsed”: “00.000.00.000”
}
]
}
]
}
2020-04-11 13:00:00,192:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,193:DEBUG:acme.client:JWS payload:

2020-04-11 13:00:00,196:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672187:
{
“protected”: “[censored]”,
“payload”: “”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,680:DEBUG:urllib3.connectionpool:“POST /acme/authz-v3/48672187 HTTP/1.1” 200 1542
2020-04-11 13:00:00,681:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1542
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:08 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“identifier”: {
“type”: “dns”,
“value”: “mail.domain.tld”
},
“status”: “invalid”,
“expires”: “[censored]”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from https://mail.domain.tld/.well-known/acme-challenge/[censored][censored][censored] [00.000.00.000]: "\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eForbidden\u003c/h1\u003e\n\u003cp"”,
“status”: 403
},
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672187/hOzVuQ”,
“token”: “[censored]”,
“validationRecord”: [
{
“url”: “http://mail.domain.tld/.well-known/acme-challenge/[censored][censored][censored]”,
“hostname”: “mail.domain.tld”,
“port”: “80”,
“addressesResolved”: [
“00.000.00.000”
],
“addressUsed”: “00.000.00.000”
},
{

Continuation of /var/log/letsencrypt/letsencrypt.log
      "url": "https://mail.domain.tld/.well-known/acme-challenge/[censored][censored][censored]",
      "hostname": "mail.domain.tld",
      "port": "443",
      "addressesResolved": [
        "00.000.00.000"
      ],
      "addressUsed": "00.000.00.000"
    }
  ]
}

]
}
2020-04-11 13:00:00,681:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,682:DEBUG:acme.client:JWS payload:

2020-04-11 13:00:00,686:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672188:
{
“protected”: “[censored]”,
“payload”: “”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,179:DEBUG:urllib3.connectionpool:“POST /acme/authz-v3/48672188 HTTP/1.1” 200 1218
2020-04-11 13:00:00,179:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1218
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:09 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“identifier”: {
“type”: “dns”,
“value”: “me.domain.tld”
},
“status”: “invalid”,
“expires”: “[censored]”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from http://me.domain.tld/.well-known/acme-challenge/[censored][censored][censored] [00.000.00.000]: "\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eForbidden\u003c/h1\u003e\n\u003cp"”,
“status”: 403
},
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672188/GOOx9Q”,
“token”: “[censored]”,
“validationRecord”: [
{
“url”: “http://me.domain.tld/.well-known/acme-challenge/[censored][censored][censored]”,
“hostname”: “me.domain.tld”,
“port”: “80”,
“addressesResolved”: [
“00.000.00.000”
],
“addressUsed”: “00.000.00.000”
}
]
}
]
}
2020-04-11 13:00:00,180:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,180:DEBUG:acme.client:JWS payload:

2020-04-11 13:00:00,184:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672189:
{
“protected”: “[censored]”,
“payload”: “”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,330:DEBUG:urllib3.connectionpool:“POST /acme/authz-v3/48672189 HTTP/1.1” 200 1206
2020-04-11 13:00:00,331:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1206
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:09 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“identifier”: {
“type”: “dns”,
“value”: “domain.tld”
},
“status”: “invalid”,
“expires”: “[censored]”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from http://domain.tld/.well-known/acme-challenge/[censored][censored][censored][censored] [00.000.00.000]: "\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eForbidden\u003c/h1\u003e\n\u003cp"”,
“status”: 403
},
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672189/HV6Rpw”,
“token”: “[censored]”,
“validationRecord”: [
{
“url”: “http://domain.tld/.well-known/acme-challenge/[censored][censored][censored][censored]”,
“hostname”: “domain.tld”,
“port”: “80”,
“addressesResolved”: [
“00.000.00.000”
],
“addressUsed”: “00.000.00.000”
}
]
}
]
}
2020-04-11 13:00:00,332:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,333:DEBUG:acme.client:JWS payload:

2020-04-11 13:00:00,339:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672190:
{
“protected”: “[censored]”,
“payload”: “”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,484:DEBUG:urllib3.connectionpool:“POST /acme/authz-v3/48672190 HTTP/1.1” 200 1218
2020-04-11 13:00:00,486:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1218
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:09 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
“identifier”: {
“type”: “dns”,
“value”: “s2.domain.tld”
},
“status”: “invalid”,
“expires”: “[censored]”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from http://s2.domain.tld/.well-known/acme-challenge/[censored][censored][censored] [00.000.00.000]: "\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eForbidden\u003c/h1\u003e\n\u003cp"”,
“status”: 403
},
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672190/rebAEA”,
“token”: “[censored]”,
“validationRecord”: [
{
“url”: “http://s2.domain.tld/.well-known/acme-challenge/[censored][censored][censored]”,
“hostname”: “s2.domain.tld”,
“port”: “80”,
“addressesResolved”: [
“00.000.00.000”
],
“addressUsed”: “00.000.00.000”
}
]
}
]
}
2020-04-11 13:00:00,487:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,488:DEBUG:acme.client:JWS payload:

2020-04-11 13:00:00,494:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/48672191:
{
“protected”: “[censored]”,
“payload”: “”,
“signature”: “[censored]”
}
2020-04-11 13:00:00,641:DEBUG:urllib3.connectionpool:“POST /acme/authz-v3/48672191 HTTP/1.1” 200 1222
2020-04-11 13:00:00,642:DEBUG:acme.client:Received response:
HTTP 200
content-length: 1222
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 13109898
date: Sat, 11 Apr 2020 11:10:09 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: [censored][censored]

{
  "identifier": {
    "type": "dns",
    "value": "www.domain.tld"
  },
  "status": "invalid",
  "expires": "[censored]",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from http://www.domain.tld/.well-known/acme-challenge/[censored][censored][censored] [00.000.00.000]: "\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eForbidden\u003c/h1\u003e\n\u003cp"",
        "status": 403
      },
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/48672191/_EnmrA",
      "token": "[censored]",
      "validationRecord": [
        {
          "url": "http://www.domain.tld/.well-known/acme-challenge/[censored][censored][censored]",
          "hostname": "www.domain.tld",
          "port": "80",
          "addressesResolved": [
            "00.000.00.000"
          ],
          "addressUsed": "00.000.00.000"
        }
      ]
    }
  ]
}
2020-04-11 13:00:00,642:DEBUG:acme.client:Storing nonce: [censored][censored]
2020-04-11 13:00:00,643:WARNING:certbot._internal.auth_handler:Challenge failed for domain autodiscover.domain.tld
2020-04-11 13:00:00,643:WARNING:certbot._internal.auth_handler:Challenge failed for domain cloud.domain.tld
2020-04-11 13:00:00,643:WARNING:certbot._internal.auth_handler:Challenge failed for domain mail.domain.tld
2020-04-11 13:00:00,643:WARNING:certbot._internal.auth_handler:Challenge failed for domain me.domain.tld
2020-04-11 13:00:00,644:WARNING:certbot._internal.auth_handler:Challenge failed for domain domain.tld
2020-04-11 13:00:00,644:WARNING:certbot._internal.auth_handler:Challenge failed for domain s2.domain.tld
2020-04-11 13:00:00,644:WARNING:certbot._internal.auth_handler:Challenge failed for domain www.domain.tld
2020-04-11 13:00:00,644:INFO:certbot._internal.auth_handler:http-01 challenge for autodiscover.domain.tld
2020-04-11 13:00:00,644:INFO:certbot._internal.auth_handler:http-01 challenge for cloud.domain.tld
2020-04-11 13:00:00,645:INFO:certbot._internal.auth_handler:http-01 challenge for mail.domain.tld
2020-04-11 13:00:00,645:INFO:certbot._internal.auth_handler:http-01 challenge for me.domain.tld
2020-04-11 13:00:00,645:INFO:certbot._internal.auth_handler:http-01 challenge for domain.tld
2020-04-11 13:00:00,645:INFO:certbot._internal.auth_handler:http-01 challenge for s2.domain.tld
2020-04-11 13:00:00,645:INFO:certbot._internal.auth_handler:http-01 challenge for www.domain.tld
2020-04-11 13:00:00,645:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: autodiscover.domain.tld
Type: unauthorized
Detail: Invalid response from http://autodiscover.domain.tld/.well-known/acme-challenge/[censored][censored][censored] [00.000.00.000]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p"

Domain: cloud.domain.tld
Type: unauthorized
Detail: Invalid response from http://cloud.domain.tld/.well-known/acme-challenge/[censored][censored][censored] [00.000.00.000]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p"

Domain: mail.domain.tld
Type: unauthorized
Detail: Invalid response from https://mail.domain.tld/.well-known/acme-challenge/[censored][censored][censored] [00.000.00.000]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p"

Domain: me.domain.tld
Type: unauthorized
Detail: Invalid response from http://me.domain.tld/.well-known/acme-challenge/[censored][censored][censored] [00.000.00.000]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p"

Domain: domain.tld
Type: unauthorized
Detail: Invalid response from http://domain.tld/.well-known/acme-challenge/[censored][censored][censored][censored] [00.000.00.000]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p"

Domain: s2.domain.tld
Type: unauthorized
Detail: Invalid response from http://s2.domain.tld/.well-known/acme-challenge/[censored][censored][censored] [00.000.00.000]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p"

Domain: www.domain.tld
Type: unauthorized
Detail: Invalid response from http://www.domain.tld/.well-known/acme-challenge/[censored][censored][censored] [00.000.00.000]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2020-04-11 13:00:00,646:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.

2020-04-11 13:00:00,646:DEBUG:certbot._internal.error_handler:Calling registered functions
2020-04-11 13:00:00,646:INFO:certbot._internal.auth_handler:Cleaning up challenges
2020-04-11 13:00:00,646:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/[censored][censored][censored]
2020-04-11 13:00:00,647:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/[censored][censored][censored]
2020-04-11 13:00:00,647:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/[censored][censored][censored]
2020-04-11 13:00:00,648:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/[censored][censored][censored]
2020-04-11 13:00:00,648:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/[censored][censored][censored][censored]
2020-04-11 13:00:00,649:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/[censored][censored][censored]
2020-04-11 13:00:00,649:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/[censored][censored][censored]
2020-04-11 13:00:00,649:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2020-04-11 13:00:00,650:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==1.3.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1347, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1233, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 121, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 410, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 344, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 391, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.

Having php_flag in .htaccess doesn't return this error, but RewriteEngine on does.

Not that I know of, and the problem really only occurs when I add any RewriteRule or RewriteEngine in that .htaccess. Otherwise I can renew the cert without problems.

I think I found the error. Yet I do not know how to resolve it.

/var/log/httpd/error_log:

Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also forbidden

[Sat Apr 11 13:00:00.042801 2020] [rewrite:error] [pid 5278] [client 52.58.118.98:61446] AH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also forbidden due to its similar ability to circumvent directory restrictions : /var/www/html/.well-known/acme-challenge/[censored], referer: http://mail.domain.tld/.well-known/acme-challenge/[censored]
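The two logs in this thread describe the same failure from two sides: certbot records the challenge URL and the 403 body it got back, and Apache's error_log records the AH00670 refusal for the file under .well-known/acme-challenge. The script below is an added example (not NethServer, certbot or Apache code) that parses the certbot "Reporting to user" block and the Apache error_log, matches failed domains to AH00670 entries by challenge token, and separates "webserver forbade the file" from "plain HTTP error" and "DNS problem". The sample log lines are constructed to mirror the thread's output; the tokens, the documentation-range IPs and the unrelated AH01276 line are made up.

```python
"""Correlate certbot http-01 failures with Apache mod_rewrite refusals.

Added example for this thread (not NethServer or certbot code). It parses
the "Reporting to user" block certbot writes to letsencrypt.log and the
Apache error_log, and matches each failed domain to AH00670 entries for
the challenge path, so a webserver-side 403 can be told apart from a DNS
problem. All sample lines below are constructed.
"""
import re

# Constructed sample: the block certbot prints after "Reporting to user:".
CERTBOT_REPORT = """\
Domain: autodiscover.domain.tld
Type: unauthorized
Detail: Invalid response from http://autodiscover.domain.tld/.well-known/acme-challenge/tokenA [203.0.113.10]: "<!DOCTYPE HTML PUBLIC \\"-//IETF//DTD HTML 2.0//EN\\">\\n<html><head>\\n<title>403 Forbidden</title>\\n</head><body>\\n<h1>Forbidden</h1>\\n<p"

Domain: www.domain.tld
Type: unauthorized
Detail: Invalid response from http://www.domain.tld/.well-known/acme-challenge/tokenB [203.0.113.10]: "<!DOCTYPE HTML PUBLIC \\"-//IETF//DTD HTML 2.0//EN\\">\\n<html><head>\\n<title>403 Forbidden</title>\\n</head><body>\\n<h1>Forbidden</h1>\\n<p"

Domain: me.domain.tld
Type: unauthorized
Detail: Invalid response from http://me.domain.tld/.well-known/acme-challenge/tokenC [203.0.113.10]: "<!DOCTYPE HTML PUBLIC \\"-//IETF//DTD HTML 2.0//EN\\">\\n<html><head>\\n<title>403 Forbidden</title>\\n</head><body>\\n<h1>Forbidden</h1>\\n<p"

Domain: other.example
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for other.example
"""

# Constructed sample Apache error_log: two AH00670 refusals plus one unrelated line.
APACHE_ERROR_LOG = """\
[Sat Apr 11 13:00:00.042801 2020] [rewrite:error] [pid 5278] [client 203.0.113.5:61446] AH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also forbidden due to its similar ability to circumvent directory restrictions : /var/www/html/.well-known/acme-challenge/tokenA, referer: http://autodiscover.domain.tld/.well-known/acme-challenge/tokenA
[Sat Apr 11 13:00:00.050000 2020] [rewrite:error] [pid 5278] [client 203.0.113.5:61447] AH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also forbidden due to its similar ability to circumvent directory restrictions : /var/www/html/.well-known/acme-challenge/tokenB, referer: http://www.domain.tld/.well-known/acme-challenge/tokenB
[Sat Apr 11 13:00:01.000000 2020] [autoindex:error] [pid 5279] [client 203.0.113.6:40000] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex found
"""

REPORT_ENTRY = re.compile(r"Domain: (?P<domain>\S+)\nType: (?P<type>\S+)\nDetail: (?P<detail>.*)")
CHALLENGE_URL = re.compile(
    r"Invalid response from (?P<url>https?://[^/\s]+/\.well-known/acme-challenge/(?P<token>[^\s\]]+))")
HTTP_STATUS = re.compile(r"<title>(\d{3})\b")
AH00670 = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[rewrite:error\] .*?AH00670: .*? : (?P<path>/\S+?), referer: (?P<referer>\S+)")


def parse_certbot_report(text):
    """One dict per failed domain: domain, error type, challenge URL, token, HTTP status."""
    entries = []
    for m in REPORT_ENTRY.finditer(text):
        detail = m.group("detail")
        url = CHALLENGE_URL.search(detail)
        status = HTTP_STATUS.search(detail)  # status is only in the <title> of the error page
        entries.append({
            "domain": m.group("domain"),
            "type": m.group("type"),
            "url": url.group("url") if url else None,
            "token": url.group("token") if url else None,
            "http_status": int(status.group(1)) if status else None,
        })
    return entries


def parse_rewrite_refusals(text):
    """AH00670 refusals keyed by challenge token (last path component)."""
    refusals = {}
    for line in text.splitlines():
        m = AH00670.search(line)
        if m:
            token = m.group("path").rsplit("/", 1)[-1]
            refusals[token] = {"path": m.group("path"), "referer": m.group("referer"), "ts": m.group("ts")}
    return refusals


def correlate(report_text, error_log_text):
    """Classify each failed domain: AH00670 refusal, other HTTP status, or DNS/network."""
    refusals = parse_rewrite_refusals(error_log_text)
    verdicts = {}
    for entry in parse_certbot_report(report_text):
        if entry["type"] == "dns" or entry["url"] is None:
            verdicts[entry["domain"]] = "dns-or-network"
        elif entry["token"] in refusals:
            verdicts[entry["domain"]] = "rewrite-forbidden (AH00670)"
        else:
            verdicts[entry["domain"]] = "http-%s" % entry["http_status"]
    return verdicts


if __name__ == "__main__":
    for domain, verdict in correlate(CERTBOT_REPORT, APACHE_ERROR_LOG).items():
        print(f"{domain}: {verdict}")
```

Run it against the real files with `correlate(open('/var/log/letsencrypt/letsencrypt.log').read(), open('/var/log/httpd/error_log').read())`; a domain classified as "rewrite-forbidden" is an Apache per-directory Options problem, which the generic "check your DNS A/AAAA record" hint from certbot would otherwise send you chasing.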

You may try Options +FollowSymLinks, but as I already said, I can't reproduce the issue.

Nethserver provides a virtualhost module with HTTP redirect and other features, without affecting LE.

In which file?
/etc/httpd/conf/httpd.conf or
/etc/httpd/conf.d/default-virtualhost.conf
or something else?

/etc/httpd/conf.d/letsencrypt.conf:

Alias "/.well-known/acme-challenge/" "/var/www/html/.well-known/acme-challenge/"
<Directory "/var/www/html/.well-known/acme-challenge/">
    Require all granted
    Options -Indexes -FollowSymLinks
    AllowOverride None
</Directory>

In the .htaccess file, but it's possible in a conf file too. Apache recommends using conf files.

https://httpd.apache.org/docs/2.4/howto/htaccess.html#when

Nethserver uses a template system to write config files so you need to create custom templates to make changes to templated config files persistent.

http://docs.nethserver.org/projects/nethserver-devel/en/latest/templates.html

If it does not work, please have a look at the virtualhost module. It provides features that are simpler to use than putting files in /var/www/html, and maybe it solves the LE issue:

In your certificate log I found that only autodiscover, mail and cloud cause problems, whereas me, s2 and www are working.

Please check the httpd config files that are used. Maybe it’s about the order.

httpd -S
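The validationRecord entries in the log above show what the CA actually does: it fetches http://<domain>/.well-known/acme-challenge/<token> over port 80 and compares the body. The script below is an added example (not certbot, NethServer or Let's Encrypt code) that runs that same check yourself before asking for a certificate, so a 403 like the one in this thread shows up locally instead of in the CA's response. To stay runnable offline it serves a temporary webroot with Python's http.server (3.7 or newer) and can be told to answer 403 for the challenge path, which stands in for the misconfigured Apache; the `run_demo`, `check_webroot` and `fetch_token` names are this example's own. On a real host you would call `check_webroot("/var/www/html", "http://www.domain.tld")` against the running Apache.

```python
"""Pre-flight check for the http-01 webroot path before calling certbot.

Added example (not certbot, NethServer or Let's Encrypt code). It writes a
token file under <webroot>/.well-known/acme-challenge/, fetches it over
plain HTTP and checks that the body comes back unchanged, which is the
HTTP-level part of what the ACME validator does. A local http.server on a
temporary directory stands in for the real webserver so it runs offline.
"""
import http.server
import os
import secrets
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial

CHALLENGE_DIR = ".well-known/acme-challenge"


def place_token(webroot):
    """Drop a random token file into the challenge directory and return its name.

    certbot writes token.thumbprint as the body; for a self-check the body
    only has to be something we can recognise, so the token itself is used.
    """
    token = secrets.token_urlsafe(32)
    path = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(path, exist_ok=True)
    with open(os.path.join(path, token), "w") as fh:
        fh.write(token)
    return token


def fetch_token(base_url, token):
    """GET the challenge URL and return (status, body); 4xx/5xx are returned, not raised."""
    url = f"{base_url}/{CHALLENGE_DIR}/{token}"
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode(errors="replace")


def check_webroot(webroot, base_url):
    """Return (ok, message): is the challenge path served as a plain file?"""
    token = place_token(webroot)
    try:
        status, body = fetch_token(base_url, token)
    finally:
        os.remove(os.path.join(webroot, CHALLENGE_DIR, token))  # clean up like certbot does
    if status != 200:
        return False, f"HTTP {status} for challenge path (webserver/.htaccess problem, not DNS)"
    if body.strip() != token:
        return False, "200 but wrong body: a rewrite or index page is answering instead of the token file"
    return True, "challenge path served correctly"


class _Handler(http.server.SimpleHTTPRequestHandler):
    """Serves the temporary webroot; with forbid_challenges set it answers 403 like the thread's Apache."""
    forbid_challenges = False

    def do_GET(self):
        if self.forbid_challenges and CHALLENGE_DIR in self.path:
            self.send_error(403, "Forbidden")
            return
        super().do_GET()

    def log_message(self, *args):
        pass  # keep the demo quiet


def run_demo(forbid=False):
    """Serve a temp webroot on 127.0.0.1, run the check against it, return (ok, message)."""
    with tempfile.TemporaryDirectory() as webroot:
        _Handler.forbid_challenges = forbid
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), partial(_Handler, directory=webroot))
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            port = server.server_address[1]
            return check_webroot(webroot, f"http://127.0.0.1:{port}")
        finally:
            server.shutdown()
            server.server_close()


if __name__ == "__main__":
    print("healthy server:", run_demo(forbid=False))
    print("403 on challenge path:", run_demo(forbid=True))
```

The check deliberately fetches over plain HTTP on the public hostname, not via a file path: an .htaccess RewriteRule or a per-directory Options setting only shows its effect through the webserver, which is why the cert request in this thread failed while the token files were written without error.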