AutoSSL and password protected domains

morrow95 · Mar 1, 2017

I started using AutoSSL when it became available and I have to say I really like it as it is one less thing to worry about and take care of. BUT...

I have a few domains which I have setup basic authorization for on the public_html folder. In other words, you need to 'login' before you can view anything on the domain. These are domains I use for testing purposes generally. AutoSSL renewal fails on these domains because it cannot create/access the text verification file that is added to the root directory now that they have been pw'ed.

So, I am in bit of a bind here... I want these domains to have SSL certs for testing purposes to match up with the 'production' domains yet I also want these pw'ed because I do not want the public to have access to anything on them.

Is there anything I can do short of deleting all my files, taking off the pw protection, and letting AutoSSL renew the certs? This will be a pain in the ass to do this every time they need renewed.

linux4me2 · Mar 1, 2017

What if you moved your actual password-protected sites to a password-protected subfolder, leaving just a blank index.htm in the /public_html and removing the password-protection for /public_html? That way, AutoSSL could install an SSL certificate that would be valid for all your subfolders and password-protected sites. You might be able to use redirects in the /public_html/.htaccess to deal with the move and make it transparent for your users. You might also be able to use a subdomain instead of a subfolder. I'm not sure if AutoSSL needs to put the text file in a subdomain, or just /public_html, but that might be better.

I think moving the sites to a subfolder/subdomain is better than a temporary fix because the AutoSSL certs renew every 90 days.

morrow95 · Mar 1, 2017

There are no users - these are for my own use, mostly testing, which is why I want them blocked off from public access. I believe subdomains would require the same text file for AutoSSL, but if anyone knows for sure please comment. A folder is certainly an option, but then that kind of defeats the whole testing purpose if the links would have a different structure (I will have to look at htaccess stuff to see if there is something to change that and mimic the files actually being at root rather than in a folder under root).

cPanelMichael · Mar 3, 2017

Hello,

You could exclude certain file extensions (.cpaneldcv, .txt) via entries like this in the .htaccess file:
Code:
<FilesMatch "\.(cpaneldcv)$">
    Allow from all
    Satisfy any
</FilesMatch>

<FilesMatch "[A-F0-9]{32}\.txt$">
    Allow from all
    Satisfy any
</FilesMatch>
This would work, assuming you have no .txt files you need to protect in the directory.

Thank you.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

AutoSSL and password protected domains

morrow95 Well-Known Member

linux4me2 Well-Known Member

morrow95 Well-Known Member

cPanelMichael Forums Analyst
Staff Member

AutoSSL and Password Protection

AutoSSL failure on all domains on the server

Use AutoSSL on Cname?

AutoSSL: exclude parent domain - will renewal work?

AutoSSL / 404 errors

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

AutoSSL and password protected domains

morrow95 Well-Known Member

linux4me2 Well-Known Member

morrow95 Well-Known Member

cPanelMichael Forums Analyst Staff Member

AutoSSL and Password Protection

AutoSSL failure on all domains on the server

Use AutoSSL on Cname?

AutoSSL: exclude parent domain - will renewal work?

AutoSSL / 404 errors

Share This Page

cPanelMichael Forums Analyst
Staff Member