Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AutoSSL and password protected domains

Discussion in 'Security' started by morrow95, Mar 1, 2017.

Tags:
  1. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    113
    Likes Received:
    3
    Trophy Points:
    168
    I started using AutoSSL when it became available and I have to say I really like it as it is one less thing to worry about and take care of. BUT...

    I have a few domains which I have setup basic authorization for on the public_html folder. In other words, you need to 'login' before you can view anything on the domain. These are domains I use for testing purposes generally. AutoSSL renewal fails on these domains because it cannot create/access the text verification file that is added to the root directory now that they have been pw'ed.

    So, I am in bit of a bind here... I want these domains to have SSL certs for testing purposes to match up with the 'production' domains yet I also want these pw'ed because I do not want the public to have access to anything on them.

    Is there anything I can do short of deleting all my files, taking off the pw protection, and letting AutoSSL renew the certs? This will be a pain in the ass to do this every time they need renewed.
     
    #1 morrow95, Mar 1, 2017
  2. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    197
    Likes Received:
    46
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    What if you moved your actual password-protected sites to a password-protected subfolder, leaving just a blank index.htm in the /public_html and removing the password-protection for /public_html? That way, AutoSSL could install an SSL certificate that would be valid for all your subfolders and password-protected sites. You might be able to use redirects in the /public_html/.htaccess to deal with the move and make it transparent for your users. You might also be able to use a subdomain instead of a subfolder. I'm not sure if AutoSSL needs to put the text file in a subdomain, or just /public_html, but that might be better.

    I think moving the sites to a subfolder/subdomain is better than a temporary fix because the AutoSSL certs renew every 90 days.
     
    #2 linux4me2, Mar 1, 2017
  3. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    113
    Likes Received:
    3
    Trophy Points:
    168
    There are no users - these are for my own use, mostly testing, which is why I want them blocked off from public access. I believe subdomains would require the same text file for AutoSSL, but if anyone knows for sure please comment. A folder is certainly an option, but then that kind of defeats the whole testing purpose if the links would have a different structure (I will have to look at htaccess stuff to see if there is something to change that and mimic the files actually being at root rather than in a folder under root).
     
    #3 morrow95, Mar 1, 2017
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,145
    Likes Received:
    1,754
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You could exclude certain file extensions (.cpaneldcv, .txt) via entries like this in the .htaccess file:

    Code:
    <FilesMatch "\.(cpaneldcv)$">
    Allow from all
    Satisfy any
</FilesMatch>

<FilesMatch "[A-F0-9]{32}\.txt$">
    Allow from all
    Satisfy any
</FilesMatch>
    This would work, assuming you have no .txt files you need to protect in the directory.

    Thank you.
     
    #4 cPanelMichael, Mar 3, 2017
    linux4me2 likes this.
(You must log in or sign up to post here.)
Loading...
Similar Threads - AutoSSL password protected
  1. PenguinInternet

    AutoSSL and Password Protection

    PenguinInternet, Sep 3, 2016, in forum: Security
    Replies:
    3
    Views:
    877
    cPanelMichael
    Sep 7, 2016
  2. kabatak

    In Progress AutoSSL sends notification for expired domains after cPanel v70 update

    kabatak, May 17, 2018 at 3:02 AM, in forum: Security
    Replies:
    7
    Views:
    82
    cPanelMichael
    May 18, 2018 at 2:02 PM
  3. Elizabeta

    AutoSSL ceritificate expired could not renew message

    Elizabeta, May 16, 2018 at 3:36 AM, in forum: Security
    Replies:
    8
    Views:
    87
    cPanelLauren
    May 17, 2018 at 9:12 AM
  4. cPanelResources

    Tutorial AutoSSL Troubleshooting Steps

    cPanelResources, May 10, 2018, in forum: Security
    Replies:
    0
    Views:
    47
    cPanelResources
    May 10, 2018
  5. nivekau

    AutoSSL unable to replace certificate - failed domain control validation

    nivekau, May 6, 2018, in forum: Security
    Replies:
    7
    Views:
    190
    cPanelLauren
    May 9, 2018

Share This Page