Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

AutoSSL and password protected domains

Discussion in 'Security' started by morrow95, Mar 1, 2017.

Tags:
  1. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    123
    Likes Received:
    3
    Trophy Points:
    168
    I started using AutoSSL when it became available and I have to say I really like it as it is one less thing to worry about and take care of. BUT...

    I have a few domains which I have setup basic authorization for on the public_html folder. In other words, you need to 'login' before you can view anything on the domain. These are domains I use for testing purposes generally. AutoSSL renewal fails on these domains because it cannot create/access the text verification file that is added to the root directory now that they have been pw'ed.

    So, I am in bit of a bind here... I want these domains to have SSL certs for testing purposes to match up with the 'production' domains yet I also want these pw'ed because I do not want the public to have access to anything on them.

    Is there anything I can do short of deleting all my files, taking off the pw protection, and letting AutoSSL renew the certs? This will be a pain in the ass to do this every time they need renewed.
     
    #1 morrow95, Mar 1, 2017
  2. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    201
    Likes Received:
    47
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    What if you moved your actual password-protected sites to a password-protected subfolder, leaving just a blank index.htm in the /public_html and removing the password-protection for /public_html? That way, AutoSSL could install an SSL certificate that would be valid for all your subfolders and password-protected sites. You might be able to use redirects in the /public_html/.htaccess to deal with the move and make it transparent for your users. You might also be able to use a subdomain instead of a subfolder. I'm not sure if AutoSSL needs to put the text file in a subdomain, or just /public_html, but that might be better.

    I think moving the sites to a subfolder/subdomain is better than a temporary fix because the AutoSSL certs renew every 90 days.
     
    #2 linux4me2, Mar 1, 2017
  3. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    123
    Likes Received:
    3
    Trophy Points:
    168
    There are no users - these are for my own use, mostly testing, which is why I want them blocked off from public access. I believe subdomains would require the same text file for AutoSSL, but if anyone knows for sure please comment. A folder is certainly an option, but then that kind of defeats the whole testing purpose if the links would have a different structure (I will have to look at htaccess stuff to see if there is something to change that and mimic the files actually being at root rather than in a folder under root).
     
    #3 morrow95, Mar 1, 2017
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,884
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    You could exclude certain file extensions (.cpaneldcv, .txt) via entries like this in the .htaccess file:

    Code:
    <FilesMatch "\.(cpaneldcv)$">
    Allow from all
    Satisfy any
</FilesMatch>

<FilesMatch "[A-F0-9]{32}\.txt$">
    Allow from all
    Satisfy any
</FilesMatch>
    This would work, assuming you have no .txt files you need to protect in the directory.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, Mar 3, 2017
    linux4me2 likes this.
(You must log in or sign up to post here.)
Loading...
Similar Threads - AutoSSL password protected
  1. activa

    New Thread Enable AutoSSL for User X API

    activa, Sep 21, 2018 at 10:49 AM, in forum: cPanel Developers
    Replies:
    0
    Views:
    17
    activa
    Sep 21, 2018 at 10:49 AM
  2. billy noah

    AutoSSL HTTP DCV Validation Failing

    billy noah, Sep 19, 2018 at 12:06 PM, in forum: Security
    Replies:
    2
    Views:
    52
    cPanelLauren
    Sep 19, 2018 at 2:38 PM
  3. jon356a

    AutoSSL on cPanel Service Proxies

    jon356a, Sep 17, 2018 at 1:37 AM, in forum: General Discussion
    Replies:
    7
    Views:
    84
    cPanelMichael
    Sep 20, 2018 at 10:09 AM
  4. masteroman

    AutoSSL DNS DCV fails for IPv6 subdomain

    masteroman, Sep 16, 2018 at 7:31 AM, in forum: Security
    Replies:
    1
    Views:
    48
    cPanelMichael
    Sep 17, 2018 at 1:47 PM
  5. Benjamin D.

    Potential reduced AutoSSL coverage for subdomain that doesn't exist?

    Benjamin D., Sep 16, 2018 at 6:54 AM, in forum: Security
    Replies:
    3
    Views:
    91
    cPanelMichael
    Sep 18, 2018 at 10:31 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice