<div dir="ltr">Michael,<div><br></div><div>Thanks for the suggestion but now its worse. I am stuck with a self signed certificate. LE will not work for site2.</div><div><br></div><div>There is no .htaccess file being used by site2 <a href="http://www.vendig.com">www.vendig.com</a>. Its a boring old site actually.</div><div><br></div><div>This issue is that the site2 file is rewritten improperly during the LE attempt at renewal. So apache dies during restart.</div><div>So of course LE cannot verify the website.</div><div><br></div><div>Line 46 seems unrelated to any cert renewal process so there is some kind of bug here.</div><div><br></div><div><IfModule mod_suphp.c><br> suPHP_Engine on<br> suPHP_UserGroup vendigadmin site2<br> AddType application/ .php<br> AddHandler .php .php5 .php4 .php3 .phtml<br> suPHP_AddHandler x-httpd-suphp<br> suPHP_ConfigPath /home/.sites/site2/wwwroot/<br></IfModule><br></div><div><br></div><div>is written as:</div><div><br></div><div><IfModule mod_suphp.c><br> suPHP_Engine on<br> suPHP_UserGroup vendigadmin site2<br> AddType application/ .php<br> AddHandler .php .php5 .php4 .php3 .phtml<br> suPHP<br> suPHP_ConfigPath /home/.sites/site2/wwwroot/<br></IfModule><br></div><div><br></div><div>Why is the AddHandler line mangled?</div><div><br></div><div>Herb</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jan 30, 2024 at 8:05 AM Michael Stauber via Blueonyx <<a href="mailto:blueonyx@mail.blueonyx.it">blueonyx@mail.blueonyx.it</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Taco,<br>
<br>
> @Michael, it might make sense to see if the LetsEncrypt “path” that is <br>
> used for the Domain checks can somehow be forced and not overridden with <br>
> .htaccess files.<br>
> Or maybe document what needs to be added to the .htaccess file to <br>
> exclude the path that is used for LetsEncryp.<br>
We already have a lot of exception built in for this. For example:<br>
<br>
[root@bx ~]# cat /etc/httpd/conf.d/acme_sh.conf<br>
Alias /.well-known/acme-challenge/ /home/.acme/<br>
<Directory "/home/.acme/"><br>
Options FollowSymLinks<br>
AllowOverride None<br>
ForceType text/plain<br>
RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"<br>
Require all granted<br>
</Directory><br>
<br>
That redirects all calls for /.well-known/acme-challenge/ to <br>
/home/.acme/, where Let's Encrypt stores the verification files.<br>
<br>
Additionally we temporarily disable during the LE-cert request the <br>
following Vsite related configurations (if they are enabled):<br>
<br>
- "Force HTTPS" in "Site Management" / <Vsite> / "SSL"<br>
- "Redirect/Proxy Website" in "Site Management" / <Vsite> / "Services" /<br>
"Web"<br>
<br>
However: When a Vsite is accessed during the verification, then Apache <br>
still uses the <VirtualHost>-container to get the rest of the settings <br>
and configs for that Vsite *before* the above path related <br>
<Directory>-Rule triggers.<br>
<br>
And .htaccess (if present) counts as an exception and any rules in it <br>
will be honored.<br>
<br>
I'm a bit torn about renaming .htaccess during the LE request. For <br>
starters this can break the website in the process. On the other hand: <br>
.htaccess are usually not allowed and you have to specifically allow <br>
them. Plus it's not exactly our fault if someone puts something into a <br>
custom .htaccess that breaks stuff. :p<br>
<br>
For example: If you have a redirect in your .htaccess? Why is it in <br>
there and why don't you use the "Force HTTPS" or "Redirect/Proxy <br>
Website" options that the GUI provide and which are covered by our <br>
handling of LE-requests?<br>
<br>
I'm not saying "no" to another exception for .htaccess and will think <br>
about it. But out of curiosity: What kind of redirect did you have in there?<br>
<br>
-- <br>
With best regards<br>
<br>
Michael Stauber<br>
_______________________________________________<br>
Blueonyx mailing list<br>
<a href="mailto:Blueonyx@mail.blueonyx.it" target="_blank">Blueonyx@mail.blueonyx.it</a><br>
<a href="http://mail.blueonyx.it/mailman/listinfo/blueonyx" rel="noreferrer" target="_blank">http://mail.blueonyx.it/mailman/listinfo/blueonyx</a><br>
</blockquote></div>