AutoSSL and password protected domains
I started using AutoSSL when it became available and I have to say I really like it as it is one less thing to worry about and take care of. BUT...
I have a few domains which I have setup basic authorization for on the public_html folder. In other words, you need to 'login' before you can view anything on the domain. These are domains I use for testing purposes generally. AutoSSL renewal fails on these domains because it cannot create/access the text verification file that is added to the root directory now that they have been pw'ed.
So, I am in bit of a bind here... I want these domains to have SSL certs for testing purposes to match up with the 'production' domains yet I also want these pw'ed because I do not want the public to have access to anything on them.
Is there anything I can do short of deleting all my files, taking off the pw protection, and letting AutoSSL renew the certs? This will be a pain in the ass to do this every time they need renewed.
-
What if you moved your actual password-protected sites to a password-protected subfolder, leaving just a blank index.htm in the /public_html and removing the password-protection for /public_html? That way, AutoSSL could install an SSL certificate that would be valid for all your subfolders and password-protected sites. You might be able to use redirects in the /public_html/.htaccess to deal with the move and make it transparent for your users. You might also be able to use a subdomain instead of a subfolder. I'm not sure if AutoSSL needs to put the text file in a subdomain, or just /public_html, but that might be better. I think moving the sites to a subfolder/subdomain is better than a temporary fix because the AutoSSL certs renew every 90 days. 0 -
There are no users - these are for my own use, mostly testing, which is why I want them blocked off from public access. I believe subdomains would require the same text file for AutoSSL, but if anyone knows for sure please comment. A folder is certainly an option, but then that kind of defeats the whole testing purpose if the links would have a different structure (I will have to look at htaccess stuff to see if there is something to change that and mimic the files actually being at root rather than in a folder under root). 0 -
Hello, You could exclude certain file extensions (.cpaneldcv, .txt) via entries like this in the .htaccess file: Allow from all Satisfy any Allow from all Satisfy any
This would work, assuming you have no .txt files you need to protect in the directory. Thank you.0
Please sign in to leave a comment.
Comments
3 comments