Problem with accessing the .well-known via the browser about letsencrypt-webfaction HOT 28 CLOSED

EDIT: .well-known directory is specified in the acme-client gem which @will-in-wi's gem is depending on.

To clarify: https://letsencrypt.org/ uses https://tools.ietf.org/html/rfc5785 which defines ".well-known" (with the dot) as the location in which the validation should reside.

from letsencrypt-webfaction.

On September 25, 2018 WebFaction rolled out an update. Read more at https://bonniesites.solutions/using-lets-encrypt-with-webfaction/

from letsencrypt-webfaction.

I'm glad this has proved useful to you!

To make sure I understand: renaming the directory from .well-known/ to .wk/ caused it to work?

And if you try to access the relevant URL from the browser, you get a 403 forbidden?

from letsencrypt-webfaction.

When I visit the url in the browser (with .well-known in it), it shows a 404 page, however after renaming the directory to anything else it works.

One thing I forgot to mention, it's a "Static" application with PHP enabled (so it supports the .htaccess file), however in my case I don't have any rules there.

from letsencrypt-webfaction.

@will-in-wi I've just heard back from WebFaction's team, and it seems like they have an issue with Apache 2.4 they recently installed. The support team has tested your gem on Apache 2.2, and it worked fine. Will leave a comment here once they fix it (in case someone else runs into this problem).

from letsencrypt-webfaction.

Thanks! I'm glad to hear that, for once, it isn't my fault. 😄

I look forward to hearing back from WF support.

from letsencrypt-webfaction.

Hello, there.
Can you explain with more details how to make it work?
I have also the same issues where I get a 404 from the let's encrypt. I first changed the /.well-known to /.wk just like you're commenting up there and by also trying the following command:

letsencrypt_webfaction --account_email [email protected] --domains blog.myDomain.com --public ~/webapps/App/ --output_dir=/home/wf_user/certificates/

I, nevertheless, still get this same error in the console:

Failed to verify statuses.
blog.myDomain.com: Invalid response from http://blog.myDomain.com/.well-known/acme-challenge/4TN_49vW9......fKCyxAa29wSwljRdz0: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
Make sure that you can access http://blog.myDomain.com/.well-known/acme-challenge/4TN_49vW9S....KCyxAa29wSwljRdz0

It looks like anyway the let's encrypt is still looking for the .well-known/ directory

What am I missing? Why doesn't it then look for the .wk/ directory???

from letsencrypt-webfaction.

Hey, I have an update from WebFaction. :)

It turns out it was a bug in Apache 2.4 which is installed on some (?) servers in WebFaction. The tech support person said he created a ticket in their internal ticketing system to fix it. He also confirmed letsencrypt_webfaction gem to be working fine with Apache 2.2. I haven't heard back from him since he created the ticket, however after a few days I tried to generate the certs again and everything went smoothly.

The reply from WebFaction:

OK. I've done more testing on this.

It appears to be related to Apache 2.4 which is on your current server. I was able to duplicate the issue under a test account using the same directory structure
in your application.

However, on another server running Apache 2.2 it works fine.

I've opened an internal ticket to have this looked into further as I was unable to find
what the difference is on Apache 2.4

We will update you as soon as we have more details.

The bug which WF's tech support referred to was that whenever you tried to open "http://blog.myDomain.com/.well-known/acme-challenge/4TN_49vW9......fKCyxAa29wSwljRdz0" in the browser, Apache treated it as a request to "http://blog.myDomain.com/4TN_49vW9......fKCyxAa29wSwljRdz0", thus it returned a 404. This behaviour occurred ONLY for .well-known directory.

@pathros I'd suggest you contacting the WebFaction support and referring to the issue. You can mention the ticket I had created earlier for WebFaction's support. Ticket ID: KRI-132413.

I hope this helps. :)

EDIT: .well-known directory is specified in the acme-client gem which @will-in-wi's gem is depending on.
As @will-in-wi clarified:

https://letsencrypt.org/ uses https://tools.ietf.org/html/rfc5785 which defines ".well-known" (with the dot) as the location in which the validation should reside.

from letsencrypt-webfaction.

I had the same issue, and the response they gave was:

This is actually due to a change we made in the front-end Nginx server while implementing support for LE certificates in the control panel. We are still developing the support, and we cannot give an exact ETA on the implmentation, but we are preparing the servers for it.

Our developers are now looking into the issue, and we will update this ticket as soon as we have more information from them.

from letsencrypt-webfaction.

For future reference, the two tickets I've opened are QLG-660386 and GZD-316096. Both appear to have been resolved.

from letsencrypt-webfaction.

@pathros: Has WF support been able to fix it for you?

from letsencrypt-webfaction.

@will-in-wi thanks for clarifying this!

from letsencrypt-webfaction.

Hello, guys! Will & Łukasz !!!
Thank you so much! :)

I have just tried again and now it's working like a charm! I retried with the .well-known/ directory inside the command and it is now working!!!! 👍

Thanks a lot!!! 💯

Best regards!

from letsencrypt-webfaction.

Glad to hear it!

from letsencrypt-webfaction.

I am currently having this issue, @pathros could you please clarify what you mean by "I retried with the .well-known/ directory inside the command"? Thanks

from letsencrypt-webfaction.

What application are you running? WordPress, Drupal, et cetera?

from letsencrypt-webfaction.

The application is Question2Answer, http://www.question2answer.org/

The .well-known folder and challenge is created fine, and I am updating certs, so this worked before with nothing changed in the app installation

Edit: The request is coming in via http, could this be a problem with the redirect to https?

from letsencrypt-webfaction.

Ah, this might be a different issue. Open a ticket with WebFaction, since they have been having an issue where they block this folder.

from letsencrypt-webfaction.

@will-in-wi Thanks, I did and after a day and misdiagnosis, I received a verbatim copy and paste of what you did above:

"This is actually due to a change we have made in the front-end Nginx server while
implementing support for LE certificates in the control panel. We are still
developing the support, and we cannot give an exact ETA on the implmentation,
but we are preparing the servers for it.

Our developers are now looking into the issue, and we will update this ticket
as soon as we have more information from them."

Basically, can't access the .well-known/acme-challenge directory. Were you able to come up with a workaround? @pathros Did you have this issue as well?

The SSL certificate expires today, Murphy's Law, every, time :/

from letsencrypt-webfaction.

Hello, yeah I had that 404 issue. Then I retried again and everything is fine. Actually, I have just made a new test (some minutes ago) with the following command:

letsencrypt_webfaction --account_email [email protected] --domains somedomain.tk,www.somedomain.tk --public ~/webapps/somedomainfolder/ --output_dir=/home/usernameatwebfaction/certificados

Notes:

• I have applied this command to both wordpress sites and simple php projects. And it's worked just fine.
• I have the well-known folders inside my somedomainefolder as follows: ~/webapps/somedomainfolder/.well-known/acme-challenge

from letsencrypt-webfaction.

@pathros They may have fixed it on your server, it doesn't work here, can you clarify what you meant by "I retried with the .well-known/ directory inside the command"? I setup a vanilla http webapp to make sure there was nothing else going on.

from letsencrypt-webfaction.

Well, I am in web406 server in wf.

Oh, maybe that comment of mine is not actually clear. First, I'd just changed the name of that directory, just as @lukaszklis commented in the beginning, from /.well-known to /.wk and it didn't work. Some days passed by and probably during that period, Webfaction's staff was fixing it. I retried again some days after and this finally worked for me. I must say that I'd renamed the /.wk folder back to /.well-known. That's what I meant, not inside the command.

from letsencrypt-webfaction.

@pathros Thanks, hopefully this means they will be able to fix it soon. I am also hopeful that their LE control panel support addresses some of the problems, having issues with certs every 90 days makes for a long year

from letsencrypt-webfaction.

@JoshEngebretson: Sorry for the delay in responding. If you need a very short-term workaround, I'd suggest either using StartSSL for a 1 year free cert (which won't work if you happen to take payments or link to a site which takes payments, FYI), or finding another client which will allow you to do DNS based confirmation of your domain. Something involving creating a TXT record.

from letsencrypt-webfaction.

You might also want to bounce the WF ticket to highest in order that WF jumps on it faster, assuming that this is critical for you. I don't know whether your case is a low traffic personal blog which can stand to have an invalid cert for a couple of days or your livelihood.

from letsencrypt-webfaction.

I have a Django app, so I followed the Django tutorial, but I'm getting the 404 error described here, but the reason is not the apache, but rather that no file is created in the acme-challenge directory

letsencrypt_webfaction --account_email [email protected] --domains my.domain.com --public ~/webapps/verification/ --endpoint https://acme-staging.api.letsencrypt.org/ --support_email [email protected]

Any ideas?

from letsencrypt-webfaction.

@fsboehme I had a similar problem with a Ghost installation (node.js based). What you could try to do, is to create a "Static" app (PHP x.x, so .htaccess would be supported), run the script against that folder and then apply the certificate to the django app.

from letsencrypt-webfaction.

I changed my static-only (no .htaccess) to a regular static app with php support, but it still doesn't create the acme-challenge folder or file. Not sure if that's anything to do with the type of app. Doesn't seem like placing the file should be affected by that?!

from letsencrypt-webfaction.