AutoSSL unable to replace certificate - failed domain control validation

AutoSSL is unable to replace an expired certificate. The log shows a bunch of errors like these;

Code:

 4:11:00 PM WARN The domain “*****.com.au” failed domain control validation: The system queried for a temporary file at “http://*****.com.au/.well-known/pki-validation/B4CA6D73F49FCDB3A6261716272CC13B.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
 4:11:01 PM WARN The domain “whm.*****.com.au” failed domain control validation: The system queried for a temporary file at “http://whm.*****.com.au/.well-known/pki-validation/C3E25B0D11F2C6EB4D8BB998BAD5CF8F.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.

Please advise how to fix this.

 

Okay. Thanks. On this particular site access to the site was restricted in the .htaccess file because it's a development site. I commented out the auth section of the .htaccess file and ran the AutoSSL "check" for this user in WHM.

It inserted the following mod rewrite conditions into my .htaccess file in each section where rewrite conditions already existed;

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

So this is what my .htaccess file looks like now;

RewriteEngine on

# only rewrite if the file or directory doesn't exists
# and if we're not viewing the homepage

RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d [OR]
RewriteCond %{REQUEST_URI} ^/$
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^.*$ /engine.php [L]
# AuthType Basic
# AuthName "private"
# AuthUserFile "/home/worknews/.htpasswds/public_html/passwd"
# require valid-user​

The folders .well-known/pki-validation/ exist, but there is no file in the pki-validation folder and it does not appear that the expired certificate has been replaced - I am still getting a certificate expiry warning in Firefox

 

This is what the curl request returns (logged into the relevant cpanel user account using putty);

Code:

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
        <head>
                <title>404 - Not Found</title>
        </head>
        <body>
                <h1>404 - Not Found</h1>
        </body>
</html>

 

I should add, that on very simple sites on the same server, https works fine. It's the sites that already have .htaccess files that appear to be a problem.

 

Also, I ran the curl command exactly as it was. If I run it and substitute example.com for my domain, this is what I get back;

Code:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://----------.com.au/.well-known/pki-validation/hash.txt">here</a>.</p>
</body></html>