jobet
June 16, 2022, 1:01pm
#1
Hi,
I have a site with httpauth activated. SSL certificate renewal is not working and an error message shows up:
Error: Let's Encrypt validation status 400 (domain.com). Details: Unable to update challenge :: authorization must be pending
What’s the best way to solve this?
ScIT
June 16, 2022, 1:21pm
#2
Check the lets encrypt log, probaly your httpauth also restricts the LE validation process, so you would probaly need to exclude that path → SSL Certificates and Let's Encrypt — Hestia Control Panel documentation
1 Like
jobet
June 16, 2022, 5:05pm
#3
Trying lo lookup for LE logs, but there’s nothing like LE-{user}-{domain}.{time}.log in /var/log/hestia…
I’m using HestiaCP 1.6
eris
June 16, 2022, 5:20pm
#4
LE-{user}-{domain}.log should work fine
jobet
June 16, 2022, 6:14pm
#5
There isn’t any log file starting with LE* in /var/log/hestia (…)
ScIT
June 17, 2022, 2:19pm
#7
No idea how you implemented htaccess, probaly gibe it a try there.
jobet
June 17, 2022, 3:21pm
#8
Sorry, didn’t mention it… I’m using Nginx and I implemented SSL certificates through HestiaCP feature.
Usually, using certbot I add a directive in Nginx virtual host file like this:
location ~ /\.(?!well-known\/) {
auth_basic off;
allow all;
}
ScIT
June 17, 2022, 4:42pm
#9
looks good, place that into your template and it should work.
jobet
June 17, 2022, 6:16pm
#10
Ok, but looking into the “wordpress” default template I’m using there’s already a default directive that says:
location ~ /\.(?!well-known\/) {
deny all;
return 404;
}
What is it used for?
eris
June 17, 2022, 6:26pm
#11
It denies access for all hidden folders
jobet
June 17, 2022, 7:50pm
#12
It denies access to all hidden folders, except LE well-known folder?