Httpauth and SSL certificate renewal

jobet · June 16, 2022, 1:01pm

Hi,
I have a site with httpauth activated. SSL certificate renewal is not working and an error message shows up:
Error: Let's Encrypt validation status 400 (domain.com). Details: Unable to update challenge :: authorization must be pending

What’s the best way to solve this?

Raphael · June 16, 2022, 1:21pm

Check the lets encrypt log, probaly your httpauth also restricts the LE validation process, so you would probaly need to exclude that path → SSL Certificates and Let's Encrypt — Hestia Control Panel documentation

jobet · June 16, 2022, 5:05pm

Trying lo lookup for LE logs, but there’s nothing like LE-{user}-{domain}.{time}.log in /var/log/hestia…

I’m using HestiaCP 1.6

eris · June 16, 2022, 5:20pm

LE-{user}-{domain}.log should work fine

jobet · June 16, 2022, 6:14pm

There isn’t any log file starting with LE* in /var/log/hestia (…)

jobet · June 17, 2022, 11:20am

How do you do that?

Raphael · June 17, 2022, 2:19pm

No idea how you implemented htaccess, probaly gibe it a try there.

jobet · June 17, 2022, 3:21pm

Sorry, didn’t mention it… I’m using Nginx and I implemented SSL certificates through HestiaCP feature.
Usually, using certbot I add a directive in Nginx virtual host file like this:

location ~ /\.(?!well-known\/) {
       auth_basic off;
       allow all;
	}

Raphael · June 17, 2022, 4:42pm

looks good, place that into your template and it should work.

jobet · June 17, 2022, 6:16pm

Ok, but looking into the “wordpress” default template I’m using there’s already a default directive that says:

location ~ /\.(?!well-known\/) {
        deny all;
        return 404;
    }

What is it used for?

eris · June 17, 2022, 6:26pm

It denies access for all hidden folders

jobet · June 17, 2022, 7:50pm

It denies access to all hidden folders, except LE well-known folder?

eris · June 17, 2022, 9:06pm

Yes …