Primary Server host SSL update 404

JIKOmetrix

• June 07, 2025 12:57

Hello, 

I'm trying to update the SSL certificate for the primary host on my server. My 6 other servers updated no problem. 

I try to run command [root@host106 ~]# /usr/local/cpanel/bin/checkallsslcerts

However the HTTP validation throws 404. 

I can load the validation URL over HTTPS. It seems that HTTP is redirecting to HTTPS. 

From terminal HTTP/1.1 404 Not Found:

[root@host106 .well-known]# curl -IL http://host106.example.com/.well-known/index.html
HTTP/1.1 404 Not Found
Date: Sat, 07 Jun 2025 12:46:56 GMT
Server: Apache
Content-Security-Policy: font-src *; data *;
Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/html; charset=iso-8859-1

But this shows it is there HTTP/1.1 200 OK:

[root@host106 .well-known]# curl -IL https://host106.example.com/.well-known/index.html
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 12:49:35 GMT
Server: Apache
Content-Security-Policy: font-src *; data *;
Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Sat, 07 Jun 2025 12:46:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: text/html

How do I get apache to exclude .well-known from HTTPS redirect? 

I tried to add .htaccess:

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Any thoughts on this? 

• 

  JIKOmetrix

  • June 07, 2025 13:43

  How very strange. 

  I ended up adding the following to the
  Home / Service Configuration / Apache Configuration / Include Editor

  The restarted apache and SSL certificate finally renewed. 

  <VirtualHost [IP-Address]:80>
      ServerName host106.example.com
      DocumentRoot /var/www/html
      ServerAdmin support@example.com
      # Global DCV Rewrite Exclude
      <IfModule rewrite_module>
      RewriteOptions Inherit
      </IfModule>

  
      <Directory "/var/www/html">
        AllowOverride All
      </Directory>

  
      <IfModule suphp_module>
          suPHP_UserGroup nobody nobody
      </IfModule>

  </VirtualHost>

  0
• 

  zayanhani hani

  • June 25, 2025 11:11

  Hey

  Following this too i ran into something similar a while back where HTTP validation was failing even though HTTPS was fine. I didn’t dig super deep at the time but I always wondered if the redirect was the actual issue. Curious to see if someone finds a clean way to bypass it just for .well-known. 

  0

Please sign in to leave a comment.