You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jerry Malcolm <te...@malcolms.com> on 2018/12/25 05:18:33 UTC
[users@httpd] acme-challenge folder exists but 404 contents
I have an apache install that has been up and running for months. I use
LetEncrypt for certificates. I went to renew all of my certificates
using an automated script that worked fine 3 months ago on the last
refresh. It failed on every domain saying the challenge file was not
found. I put a test.html file in /.well-known/acme-challenge folder,
and tried to access it with a browser, and it gave me a 404. After
moving the test.html file around into other folders, it was found
correctly in every folder except acme-challenge. I even renamed
acme-challenge to acme-challenge1 and acme1challenge, and test.html was
found in folders by those names. Renamed it back to acme-challenge and
I'm again getting 404. I have about 15 virtual hosts defined. Exact
same situation in every virtual host The folder specifically named
"acme-challenge" is somehow now being blocked or hidden by apache.
I'm using WAMP 3.1.3 (Apache 2.4.33). The only .htaccess file in the
entire wamp tree is in the php folder, and I'm not using php. I'd say I
haven't made any changes that would cause this problem since the last
time I refreshed certificates. But I guess I did 'something'. But I'm
clueless.
One thing I did notice.... In the browser, if I look for a non-existent
file in any other folder, I get one 404 line saying the requested file
was not found on the server. Fine. But when I look for that same
non-existent file in the /.well-known/acme-challenge folder, I get that
same line. But I also get another line I haven't seen before that says:
Additionally, a 404 Not Found error was encountered while trying to use
an ErrorDocument to handle the request.
So not only can't find the file, it can't find a file to tell me it
can't find the file... (???). But this line ONLY appears when trying to
get a file from that one specific directory named 'acme-challenge'.
Help.... certs have expired....
Thanks.
Jerry
Re: [users@httpd] Re: acme-challenge folder exists but 404 contents
Posted by Jerry Malcolm <te...@malcolms.com>.
On 12/25/2018 9:14 AM, Jonesy wrote:
> On Tue, 25 Dec 2018 00:49:41 -0600, Jerry Malcolm wrote:
>> --------------5C1A8A0DD708D3B6F6BE8489
>> Content-Type: text/plain; charset=utf-8; format=flowed
>> Content-Transfer-Encoding: 8bit
>>
>> Update... I finally went back to my Sept conf and vhosts files. With the
>> old configuration files, acme-challenge folder became available again.
>> So I was able to get my certs refreshed, and I then restored the current
>> conf files. That at least tells me it's something in the conf files.
>> But I really don't want to make this my official process every three
>> months when I refresh the certs. I guess I'll start with an A-B
>> comparison of the conf files. But the only real significant change I
>> can remember in the last three months was enabling http 2.0. Doesn't
>> seem to me that anything in that area of config would be locking out
>> folders with certain names (??). In any case, I can brute-force this
>> and back out changes one by one. But if any of you have a hint as to
>> what could be happening causing one specifically-named folder to be
>> blocked (or a way to dig deeper into logs to figure it out), it'll save
>> me a lot of time and effort.
>>
>> Thanks.
>>
>> Jerry
>>
>>
>> On 12/24/2018 11:18 PM, Jerry Malcolm wrote:
>>> I have an apache install that has been up and running for months. I
>>> use LetEncrypt for certificates. I went to renew all of my
>>> certificates using an automated script that worked fine 3 months ago
>>> on the last refresh. It failed on every domain saying the challenge
>>> file was not found. I put a test.html file in
>>> /.well-known/acme-challenge folder, and tried to access it with a
>>> browser, and it gave me a 404. After moving the test.html file around
>>> into other folders, it was found correctly in every folder except
>>> acme-challenge. I even renamed acme-challenge to acme-challenge1 and
>>> acme1challenge, and test.html was found in folders by those names.
>>> Renamed it back to acme-challenge and I'm again getting 404. I have
>>> about 15 virtual hosts defined. Exact same situation in every virtual
>>> host The folder specifically named "acme-challenge" is somehow now
>>> being blocked or hidden by apache.
>>>
>>> I'm using WAMP 3.1.3 (Apache 2.4.33). The only .htaccess file in the
>>> entire wamp tree is in the php folder, and I'm not using php. I'd say
>>> I haven't made any changes that would cause this problem since the
>>> last time I refreshed certificates. But I guess I did 'something'.
>>> But I'm clueless.
>>>
>>> One thing I did notice.... In the browser, if I look for a
>>> non-existent file in any other folder, I get one 404 line saying the
>>> requested file was not found on the server. Fine. But when I look
>>> for that same non-existent file in the /.well-known/acme-challenge
>>> folder, I get that same line. But I also get another line I haven't
>>> seen before that says:
>>>
>>> Additionally, a 404 Not Found error was encountered while trying to
>>> use an ErrorDocument to handle the request.
>>>
>>> So not only can't find the file, it can't find a file to tell me it
>>> can't find the file... (???). But this line ONLY appears when trying
>>> to get a file from that one specific directory named 'acme-challenge'.
>>>
>>> Help.... certs have expired....
>>>
>>> Thanks.
>>>
>>> Jerry
> Well, just from the data you've shown, your _only_ failing
> directory (.../.well-known/acme-challenge/) jumps out as the
> only example in your testing that has a hyphenated directory name.
>
> Maybe a red herring.....
> Jonesy
I had tried /.well-known/acme-challenge1, and it worked. But even if it
was a hyphen, assuming there is no .htaccess file, is there something in
the configuration that would say to hide all directories with hyphens?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: acme-challenge folder exists but 404 contents
Posted by Jonesy <SP...@jonz.net>.
On Tue, 25 Dec 2018 00:49:41 -0600, Jerry Malcolm wrote:
> --------------5C1A8A0DD708D3B6F6BE8489
> Content-Type: text/plain; charset=utf-8; format=flowed
> Content-Transfer-Encoding: 8bit
>
> Update... I finally went back to my Sept conf and vhosts files. With the
> old configuration files, acme-challenge folder became available again.
> So I was able to get my certs refreshed, and I then restored the current
> conf files. That at least tells me it's something in the conf files.
> But I really don't want to make this my official process every three
> months when I refresh the certs. I guess I'll start with an A-B
> comparison of the conf files. But the only real significant change I
> can remember in the last three months was enabling http 2.0. Doesn't
> seem to me that anything in that area of config would be locking out
> folders with certain names (??). In any case, I can brute-force this
> and back out changes one by one. But if any of you have a hint as to
> what could be happening causing one specifically-named folder to be
> blocked (or a way to dig deeper into logs to figure it out), it'll save
> me a lot of time and effort.
>
> Thanks.
>
> Jerry
>
>
> On 12/24/2018 11:18 PM, Jerry Malcolm wrote:
>>
>> I have an apache install that has been up and running for months. I
>> use LetEncrypt for certificates. I went to renew all of my
>> certificates using an automated script that worked fine 3 months ago
>> on the last refresh. It failed on every domain saying the challenge
>> file was not found. I put a test.html file in
>> /.well-known/acme-challenge folder, and tried to access it with a
>> browser, and it gave me a 404. After moving the test.html file around
>> into other folders, it was found correctly in every folder except
>> acme-challenge. I even renamed acme-challenge to acme-challenge1 and
>> acme1challenge, and test.html was found in folders by those names.
>> Renamed it back to acme-challenge and I'm again getting 404. I have
>> about 15 virtual hosts defined. Exact same situation in every virtual
>> host The folder specifically named "acme-challenge" is somehow now
>> being blocked or hidden by apache.
>>
>> I'm using WAMP 3.1.3 (Apache 2.4.33). The only .htaccess file in the
>> entire wamp tree is in the php folder, and I'm not using php. I'd say
>> I haven't made any changes that would cause this problem since the
>> last time I refreshed certificates. But I guess I did 'something'.
>> But I'm clueless.
>>
>> One thing I did notice.... In the browser, if I look for a
>> non-existent file in any other folder, I get one 404 line saying the
>> requested file was not found on the server. Fine. But when I look
>> for that same non-existent file in the /.well-known/acme-challenge
>> folder, I get that same line. But I also get another line I haven't
>> seen before that says:
>>
>> Additionally, a 404 Not Found error was encountered while trying to
>> use an ErrorDocument to handle the request.
>>
>> So not only can't find the file, it can't find a file to tell me it
>> can't find the file... (???). But this line ONLY appears when trying
>> to get a file from that one specific directory named 'acme-challenge'.
>>
>> Help.... certs have expired....
>>
>> Thanks.
>>
>> Jerry
Well, just from the data you've shown, your _only_ failing
directory (.../.well-known/acme-challenge/) jumps out as the
only example in your testing that has a hyphenated directory name.
Maybe a red herring.....
Jonesy
--
Marvin L Jones | Marvin | W3DHJ.net | linux
38.238N 104.547W | @ jonz.net | Jonesy | FreeBSD
* Killfiling google & XXXXbanter.com: jonz.net/ng.htm
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] acme-challenge folder exists but 404 contents
Posted by Jerry Malcolm <te...@malcolms.com>.
Update... I finally went back to my Sept conf and vhosts files. With the
old configuration files, acme-challenge folder became available again.
So I was able to get my certs refreshed, and I then restored the current
conf files. That at least tells me it's something in the conf files.
But I really don't want to make this my official process every three
months when I refresh the certs. I guess I'll start with an A-B
comparison of the conf files. But the only real significant change I
can remember in the last three months was enabling http 2.0. Doesn't
seem to me that anything in that area of config would be locking out
folders with certain names (??). In any case, I can brute-force this
and back out changes one by one. But if any of you have a hint as to
what could be happening causing one specifically-named folder to be
blocked (or a way to dig deeper into logs to figure it out), it'll save
me a lot of time and effort.
Thanks.
Jerry
On 12/24/2018 11:18 PM, Jerry Malcolm wrote:
>
> I have an apache install that has been up and running for months. I
> use LetEncrypt for certificates. I went to renew all of my
> certificates using an automated script that worked fine 3 months ago
> on the last refresh. It failed on every domain saying the challenge
> file was not found. I put a test.html file in
> /.well-known/acme-challenge folder, and tried to access it with a
> browser, and it gave me a 404. After moving the test.html file around
> into other folders, it was found correctly in every folder except
> acme-challenge. I even renamed acme-challenge to acme-challenge1 and
> acme1challenge, and test.html was found in folders by those names.
> Renamed it back to acme-challenge and I'm again getting 404. I have
> about 15 virtual hosts defined. Exact same situation in every virtual
> host The folder specifically named "acme-challenge" is somehow now
> being blocked or hidden by apache.
>
> I'm using WAMP 3.1.3 (Apache 2.4.33). The only .htaccess file in the
> entire wamp tree is in the php folder, and I'm not using php. I'd say
> I haven't made any changes that would cause this problem since the
> last time I refreshed certificates. But I guess I did 'something'.
> But I'm clueless.
>
> One thing I did notice.... In the browser, if I look for a
> non-existent file in any other folder, I get one 404 line saying the
> requested file was not found on the server. Fine. But when I look
> for that same non-existent file in the /.well-known/acme-challenge
> folder, I get that same line. But I also get another line I haven't
> seen before that says:
>
> Additionally, a 404 Not Found error was encountered while trying to
> use an ErrorDocument to handle the request.
>
> So not only can't find the file, it can't find a file to tell me it
> can't find the file... (???). But this line ONLY appears when trying
> to get a file from that one specific directory named 'acme-challenge'.
>
> Help.... certs have expired....
>
> Thanks.
>
> Jerry
>
Re: [users@httpd] acme-challenge folder exists but 404 contents
Posted by Stefan Eissing <st...@greenbytes.de>.
This sounds as if you have loaded "mod_md" and it has taken over the /.well-known/acme-challenge folder. This was a bug in that module which has been fixed in subsequent releases.
If you do not use mod_md, the easiest remedy is to not load it into your server.
If you want to use mod_md together with other Lets Encrypt clients such as certbot, you need to upgrade to a recent Apache httpd version or get the module from github and compile it yourself.
Hope this helps,
Stefan
> Am 02.01.2019 um 14:36 schrieb Jens-U. Mozdzen <jm...@nde.ag>:
>
> Hi Jerry,
>
> Zitat von Jerry Malcolm <te...@malcolms.com>:
>> I have an apache install that has been up and running for months. I use LetEncrypt for certificates. I went to renew all of my certificates using an automated script that worked fine 3 months ago on the last refresh. It failed on every domain saying the challenge file was not found. I put a test.html file in /.well-known/acme-challenge folder, and tried to access it with a browser, and it gave me a 404. After moving the test.html file around into other folders, it was found correctly in every folder except acme-challenge. [...]
>
> what's in the Apache logs? The access log should report the 404, is there anything related in the error logs?
>
> Regards,
> J
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] acme-challenge folder exists but 404 contents
Posted by "Jens-U. Mozdzen" <jm...@nde.ag>.
Hi Jerry,
Zitat von Jerry Malcolm <te...@malcolms.com>:
> I have an apache install that has been up and running for months. I
> use LetEncrypt for certificates. I went to renew all of my
> certificates using an automated script that worked fine 3 months ago
> on the last refresh. It failed on every domain saying the challenge
> file was not found. I put a test.html file in
> /.well-known/acme-challenge folder, and tried to access it with a
> browser, and it gave me a 404. After moving the test.html file
> around into other folders, it was found correctly in every folder
> except acme-challenge. [...]
what's in the Apache logs? The access log should report the 404, is
there anything related in the error logs?
Regards,
J
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org