AutoSSL not renewed due to content in .htaccess file
Hi,
I have a reseller account and one of the domains could not be updated with AUTOSSL.
My hosting provider said it was due to the .htaccess file that the installation of the SSL certificates failed.
This has now been going on for a few days and the certificates have still not been able to install.
I have gone through the .htaccess file but can't figure out what causes the AUTOSSL to NOT install.
I have attached the .htaccess file and would appreciate any pointers.
Thanks
J
Sorry, forgot to add that I use WHM 64.0 build32.
Hello, The previous post is correct. Your .htaccess file includes several query strings. You may need to disable those redirect rules one by one until you are able to determine which specific rule is the culprit. Here's an example of the URL that needs to be accessible: HTTP://yourdomain.tld/.well-known/pki-validation/
Alternatively, you can ask your hosting provider to enable the following option under the "Domains" tab in "WHM >> Tweak Settings":
Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)
Per its description:
When you enable this option, Apache adds global rewrite rules to the webserver configuration so that the system does not process additional rewrite rules for DCV filenames. These global rules make it unnecessary for cPanel & WHM to modify each virtual host's .htaccess file.
Note: When you enable this option, the system receives a trivial performance penalty because all of the HTTP requests must be matched against the DCV filename regular expressions.
Thank you.
As for your .htaccess rules... You have not stated which ssl provider is having their validation fail, so it's hard to know what to look for in your .htaccess file. That said, if it is comodo failing then look to the following rule. Line 279 has the following rule.
# 5G:[USER AGENTS]
# SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
Order Allow,Deny
Allow from all
Deny from env=keep_out
This rule sets the environment variable keep_out if the user-agent string matches comodo. It then denies requests for which the environment variable is set to keep_out.
fuzzylogic - Thanks a lot for this. Yes, the SSL provider is Comodo. What I did was to temporarily revert back to the original .htaccess file and the certificates have now been updated and installed. When I amend the .htaccess file - how can I afterwards test if this is working, i.e. allow comodo? Thanks JH
To test this you would remove the ssl certificate then attempt to issue it again. I have no experience using cPanel's autossl so will not attempt to advise you how to do this. Maybe someone with more experience could advise you.
If after testing you find that the # 5G:[USER AGENTS] code block in your .htaccess file is the cause of the comodo autossl problem then that block could be removed by unchecking the following checkbox.
WP Security => Settings => Firewall => 6G Blacklist Firewall Rules => Enable legacy 5G Firewall Protection: (checkbox)
It looks to me as if the 5G rules were an old version of the 6G rules, so you would not lose much by disabling them. 6G:[USER AGENTS] code block does not include the comodo string, so it should not block the domain validation request.
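An offline check of the rule discussed in the answers above, as an added example that is not part of the thread and not cPanel's or the plugin's code: it parses the quoted 5G block and reports which part of a User-Agent would set a denied variable. The user-agent strings are constructed samples (the real validator's string may differ), and Python's `re` is assumed to behave like Apache's regex engine for this simple alternation.

```python
import re

# The 5G block quoted in the thread, embedded so the check runs offline.
HTACCESS = r"""
# 5G:[USER AGENTS]
# SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
Order Allow,Deny
Allow from all
Deny from env=keep_out
"""

SETENV = re.compile(r"^\s*(SetEnvIf|SetEnvIfNoCase)\s+User-Agent\s+(\S+)\s+(\S+)\s*$", re.I)
DENY = re.compile(r"^\s*Deny\s+from\s+env=(\S+)\s*$", re.I)

def parse_rules(text):
    """Return ([(compiled_regex, env_var)], {denied env vars}); comment lines are skipped."""
    rules, denied = [], set()
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # e.g. the commented-out empty User-Agent rule
        m = SETENV.match(line)
        if m:
            flags = re.I if m.group(1).lower() == "setenvifnocase" else 0
            rules.append((re.compile(m.group(2).strip('"'), flags), m.group(3)))
            continue
        m = DENY.match(line)
        if m:
            denied.add(m.group(1))
    return rules, denied

def blocking_matches(text, user_agent):
    """Substrings of user_agent that set an env var which a Deny line acts on."""
    rules, denied = parse_rules(text)
    hits = []
    for rx, var in rules:
        m = rx.search(user_agent)
        if m and var in denied:
            hits.append(m.group(0))
    return hits

if __name__ == "__main__":
    # Constructed sample user agents, not captured from a real validator.
    for ua in ["COMODO DCV", "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0", ""]:
        hits = blocking_matches(HTACCESS, ua)
        print(repr(ua), "-> denied by", hits if hits else "nothing")
```

Replace `HTACCESS` with the contents of the real file to see which User-Agent rule, if any, would deny a given client before re-running AutoSSL.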