AutoSSL and password protected domains

morrow95

Well-Known Member
Oct 8, 2006
170
9
168
I started using AutoSSL when it became available and I have to say I really like it as it is one less thing to worry about and take care of. BUT...

I have a few domains which I have setup basic authorization for on the public_html folder. In other words, you need to 'login' before you can view anything on the domain. These are domains I use for testing purposes generally. AutoSSL renewal fails on these domains because it cannot create/access the text verification file that is added to the root directory now that they have been pw'ed.

So, I am in bit of a bind here... I want these domains to have SSL certs for testing purposes to match up with the 'production' domains yet I also want these pw'ed because I do not want the public to have access to anything on them.

Is there anything I can do short of deleting all my files, taking off the pw protection, and letting AutoSSL renew the certs? This will be a pain in the ass to do this every time they need renewed.
 

linux4me2

Well-Known Member
Aug 21, 2015
259
79
78
USA
cPanel Access Level
Root Administrator
What if you moved your actual password-protected sites to a password-protected subfolder, leaving just a blank index.htm in the /public_html and removing the password-protection for /public_html? That way, AutoSSL could install an SSL certificate that would be valid for all your subfolders and password-protected sites. You might be able to use redirects in the /public_html/.htaccess to deal with the move and make it transparent for your users. You might also be able to use a subdomain instead of a subfolder. I'm not sure if AutoSSL needs to put the text file in a subdomain, or just /public_html, but that might be better.

I think moving the sites to a subfolder/subdomain is better than a temporary fix because the AutoSSL certs renew every 90 days.
 

morrow95

Well-Known Member
Oct 8, 2006
170
9
168
There are no users - these are for my own use, mostly testing, which is why I want them blocked off from public access. I believe subdomains would require the same text file for AutoSSL, but if anyone knows for sure please comment. A folder is certainly an option, but then that kind of defeats the whole testing purpose if the links would have a different structure (I will have to look at htaccess stuff to see if there is something to change that and mimic the files actually being at root rather than in a folder under root).
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,243
463
Hello,

You could exclude certain file extensions (.cpaneldcv, .txt) via entries like this in the .htaccess file:

Code:
<FilesMatch "\.(cpaneldcv)$">
    Allow from all
    Satisfy any
</FilesMatch>

<FilesMatch "[A-F0-9]{32}\.txt$">
    Allow from all
    Satisfy any
</FilesMatch>
This would work, assuming you have no .txt files you need to protect in the directory.

Thank you.
 
  • Like
Reactions: linux4me2