AutoSSL fails to Auto Update Certificates
I found this morning that AutoSSL failed to update a certificate automatically on the following situation:
When the domain is covered by a HTTPAuth password protection and/or when the domain has a custom HSTS header:
.htaccess:
RewriteCond %{HTTPS} !on
RewriteCond %{THE_REQUEST} ^(GET|HEAD)\ ([^\ ]+)
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^
-
Hello, Can you verify if the "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" option is enabled under the "Domains" tab in "WHM >> Tweak Settings"? Thank you. 0 -
Hello Michael, Yes, this setting is enabled on my WHM. The more I look at it the issue the more I suspect it's the HTTPAuth causing this but I've not found any other sites on my server yet with HSTS that need to auto udate their TLS yet, so can't confirm... yet. 0 -
I noticed a similar behaviour and reported it in the ticket with number 8839375 however I am still waiting for reply 0 -
The more I look at it the issue the more I suspect it's the HTTPAuth causing this but I've not found any other sites on my server yet with HSTS that need to auto udate their TLS yet, so can't confirm... yet.
The AutoSSL validation attempt will fail if password authentication is required. You'd need to setup a rule that excludes specific IP addresses from the authentication requirement. Comodo validates the DCV file from the following IP addresses:178.255.81.12 178.255.81.13 91.199.212.132 199.66.201.132
I noticed a similar behaviour and reported it in the ticket with number 8839375 however I am still waiting for reply
In this case, it looks like it was caused by the account's .htaccess using "root" ownership. Updating the ownership of the .htaccess file to the account username corrected the issue. Thank you.0 -
Thanks for the clarification Michael, I will add some complexity to the HTTPAuth. Cheers 0
Please sign in to leave a comment.
Comments
5 comments