Let's Encrypt not working for existing domains

Discussion in 'General' started by dehning, Apr 19, 2018.

  1. dehning

    dehning New Member HowtoForge Supporter

    we are using ISPConfig 3.1.11 on Debian 9 with apache 2.4
    When creating a new domain we are able to generate an certificate via let's encrypt. If we are trying to edit a domain afterwards and add let's encrypt support we get an error in the error.log of the vhost:
    "client denied by server configuration: /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/le-5ad8b3dd62b9c.txt"
    We checked your faq at https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ and everything seems fine, but it is not working.
    Do you have any suggestions that might help to solve this problem?
  2. dehning

    dehning New Member HowtoForge Supporter

    We still have this problem. Can nobody help us?
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you have any custom config in the apache directives field of the website or does your website use a .htaccess file which might deny access to paths that start with .well-known/ ?
  4. dehning

    dehning New Member HowtoForge Supporter

    I can't believe I didn't check this...
    We have this code in the apache directive:

    <FilesMatch "(^\.|wp-config\.php|xmlrpc\.php|(?<!robots)\.txt|(liesmich|readme)\.*)">
    Require all denied
    Maybe I can somehow implement an exception for .well-known/
    Thanks for your help!

    Edit: I added the following lines in the apache directive and got it working:

    <LocationMatch "/.well-known/acme-challenge/*">
    Require all granted
    Last edited: Apr 27, 2018

Share This Page