AutoSSL and Password Protection

PenguinInternet

• September 03, 2016 06:46

I've seen the same issue present when a site is .htaccess password protected - this stops validation as the file cannot be accessed and so is one scenario to consider

• 

  cPanelMichael

  • September 06, 2016 21:23

  Hello @PenguinInternet, I've moved this post to it's own thread. I'm not sure that temporarily excluding a file name from the password protection feature is a good option from a security perspective. What are your thoughts on that? Note that you can find further discussion of this topic, and a workaround to this issue at: AutoSSL - htaccess whitelist Thank you.

  0
• 

  monarobase

  • September 07, 2016 06:30

  What about simply moving the application to a new folder like, /public_html/secure/ instead of just /public_html and adding a wildcard redirect excluding lets encrypt/comodo verifications. This won't work for everyone but might help in some cases.

  0
• 

  cPanelMichael

  • September 07, 2016 15:44

  What about simply moving the application to a new folder like, /public_html/secure/ instead of just /public_html and adding a wildcard redirect excluding lets encrypt/comodo verifications. This won't work for everyone but might help in some cases.

  
  This might work as a user-submitted workaround in some cases, but moving a directory could open up the potential for additional problems if something goes wrong (e.g. the server stops responding in the middle of the move). Thank you.

  0

Please sign in to leave a comment.