[CommandBox 6.1] Automatic SSL cert renewal fails

I am working on updating the process to renew my SSL certs. I am trying to use acme.sh and I am running into issues creating the certs.

The script to create/renew a cert writes files to a directory under the web root and then uses those files to verify the domain before issuing the certs. The problem I have been running into is that when those files are accessed (either in a browser or through this script), it throws a 403 error.

The URL is similar to: /.well-known/acme-challenge/lEe9Te2X2NYyRQnou812

I am using the built-in Undertow server and have been banging my head trying to figure out how to allow access to these files.

Can anyone shed some light on what I am missing?

The issue is commandbox whitelists file extensions which are safe to serve from the webserver for security. Files with no extension use the entire name for the extension. Commandbox 6.2, which I’ll be releasing this week (hopefully), has an exception for the entire well known folder.

Well…poop…hopefully it will be released before my certs expire as my previous process for renewing them has sh!t the bed.

You can update to the 6.2.0-alpha build today to try it out. Or, add lEe9Te2X2NYyRQnou812 as a whitelisted file extension. Or rename it to lEe9Te2X2NYyRQnou812.txt and toss in a simple rewrite rule that rewrites lEe9Te2X2NYyRQnou812 to lEe9Te2X2NYyRQnou812.txt. There are several workarounds you can use until I roll out 6.2 final.
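A concrete form of the rename-plus-rewrite workaround described in the reply above, added here as an illustration and not taken from the thread or from CommandBox's own files. It assumes CommandBox's Tuckey-based URL rewriting (rule file pointed to by `web.rewrites.config` in server.json) and that the challenge file has been copied to a `.txt` twin; the regex matches any token name, so it does not depend on the one token quoted in the thread.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 4.0//EN"
  "http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd">
<urlrewrite>
  <!-- Added example (not from the thread). Internally map the extension-less
       ACME http-01 token to its renamed .txt copy so the extension whitelist
       sees a known, safe extension. Only this one folder is affected; the
       rest of the whitelist behaviour is unchanged. -->
  <rule>
    <note>Serve /.well-known/acme-challenge/TOKEN from TOKEN.txt</note>
    <from>^/\.well-known/acme-challenge/([A-Za-z0-9_-]+)$</from>
    <to>/.well-known/acme-challenge/$1.txt</to>
  </rule>
</urlrewrite>
```

The rewrite is internal, so the ACME validator still fetches the original URL; the `.txt` copy must exist for each new token, which is the step this workaround cannot remove.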

I am not going to install ‘alpha’ software on my production site.

I can’t add a whitelist for the file because every time the process runs to renew the certs, it generates a new file. I only had access to the file after adding --debug to the command during testing to find out why it wasn’t working.

I was able to use a different option to renew the certificates, and 6.2 should be released by the time they are due again.

lol, well it’s “alpha” in name only at this point. As I said, I’ll be releasing that exact same code as stable tomorrow most likely.

Glad to hear :slight_smile: