The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AutoSSL & Django Issue

Discussion in 'Security' started by shadowfax, Oct 23, 2016.

Tags:
  1. shadowfax

    shadowfax Registered

    Joined:
    May 16, 2003
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    151
    Hello,

    I did a lot of searching but could not find a thread that spoke specifically to my problem. So forgive me if there is a duplicate somewhere.

    I recently had the AutoSSL plugin enabled on my KnownHost VPS running WHM v58 build 32 cPanel. I configured the plugin to use the Let's Encrypt service for SSLs.

    My server configuration has three different type of webpage setups running on Apache :

    1) A few domains using normal HTML and .htaccess type config with "each domain set up as a unique user".
    2) A group of sub-domains parked under a single primary domain user id. (all running html pages and .htaccess)
    3) A few domains using Django to serve the website (no .htaccess but settings in apache virtual conf files) with "each domain set up as a unique user".

    Setup group 1 had no problem enabling the Let's Encrypt SSL certs through your plug in. I enable it and do a check domain and the log shows that a cert was needed and it is installed. I then see the .well-known/acme-challenge folder in the public_html folder. There are files in the folder initially but then disappear. HTTPS seems to work on these domains with no issue.

    Setup group 2 is only able to be configured if I enable AutoSSL on the User ID that all the sub-domains sit under. AutoSSL then tries to enable certs for it and all sub-domains. I only wanted a select group of these sub-domains to have SSL certs. From what I understand that is in future versions of your plugin you will allow this to happen? Or will your plugin always enable certs for all these sub-domains or not? I heard there was a feature request for this? Can you verify?

    Setup group 3 is the one having the real problem. When I try to enable AutoSSL on a domain configured with Django I get the following error:

    Code:
    WARN The domain “x.com” has failed domain control validation (The system queried for a temporary file at “<a href="http://x.com/15136.BIN_AUTOSSL_CHECK_PL__.HD758vMuXhQNdjx5.tmp">”" target="_blank" class="externalLink ProxyLink" data-proxy-href="http://x.com/15136.BIN_AUTOSSL_CHECK_PL__.HD758vMuXhQNdjx5.tmp”" rel="nofollow">http://x.com/15136.BIN_AUTOSSL_CHECK_PL__.HD758vMuXhQNdjx5.tmp</a>”, but the web server responded with the following error: 404 (NOT FOUND). A <abbr title="Domain Name System">DNS</abbr> or web server misconfiguration may exist.). at bin/autossl_check.pl line 449.
    
    I looked in this forum and found some tricks about putting a RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ setting in the .htaccess file. Django doesn't use .htaccess but can be configured via a virtual conf file inside Apache. I added that line along with RewriteEnging on. The problem persisted.

    Also, I notice that the .well-known folder is never created.

    I do want to note that my Django has the WebRoot folder changed from public_html. Instead the root of the domain is /home/userid/public_html/d18p275/domain_com/. Additionally actual webpage files that are served are in a "templates" folder off of the WebRoot. Lastly, you have to actually define URL entries in a urls.py file on you get a 404.

    Since your "temp" file seems to be dynamic in nature and I see no way to point you to the correct root folder where files are served from, I am not sure how to get AutoSSL working on my Django domains.

    Can you help me on how I get this working? Thanks...
     
    #1 shadowfax, Oct 23, 2016
    Last edited by a moderator: Oct 23, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,094
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @shadowfax,

    That's correct. It's not currently possible to exclude subdomains, but I encourage you to vote and add feedback to the existing feature request for this at:

    AutoSSL: Prevent specific domains from being issued free SSL certificates

    Could you open a support ticket using the link in my signature so we can take a closer look at this configuration and determine what's blocking the domain validation? You can post the ticket number here and we will update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page