Let's Encrypt SSL renewal fails, http challenge blocked by htaccess

  • Let's Encrypt SSL renewal fails, http challenge blocked by htaccess

    Hi,
    I faced an issue: I am using Let's Encrypt, which is set to automatically renew on schedule. It failed to automatically renew, and when I looked at the logs I could see the HTTP challenge was failing because it couldn't see the folder and file used by Let's Encrypt to approve the renewal. The directory and file that need to be accessible are found under the following folder: <espocrm-domain>/.well-known/acme-challenge/

    I am using Ubuntu 18.04 with Apache server.

    Upon investigation I found that the EspoCRM htaccess file blocks access to the directory that Let's Encrypt uses. I therefore added an htaccess rule to make an exception and allow Let's Encrypt to see the file. However, a few months later the renewal failed again and I realised that this happened after I updated Espo. So I assume the htaccess file got modified when I updated Espo.

    For now the SSL can renew if the following is inserted in the htaccess file:
    Code:
    RewriteRule ^\.well-known\/acme-challenge\/ - [L]
    I would like to ask the community if inserting the above htaccess code as the first RewriteRule in the htaccess file is going to work fine without creating any other issues?
    Last edited by alexcruncha; 10-27-2022, 04:05 PM.
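
The post above reports that an EspoCRM update replaced the hand-edited htaccess file and the renewal broke again. As an added example (not part of the original post and not EspoCRM code), this script checks that the rule quoted in the post comes before every other rewrite directive and re-inserts it if it does not; the script name and the htaccess path are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not EspoCRM code. ACME_RULE is the rule quoted in the post.
ACME_RULE='RewriteRule ^\.well-known\/acme-challenge\/ - [L]'

# Prints "ok" when the exception precedes every other RewriteCond/RewriteRule,
# "late" when another rewrite directive comes first, "missing" when absent.
acme_rule_status() {
    RULE="$ACME_RULE" awk '
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line) }
        line == ENVIRON["RULE"] { print (seen ? "late" : "ok"); found = 1; exit }
        line ~ /^Rewrite(Cond|Rule)[ \t]/ { seen = 1 }
        END { if (!found) print "missing" }
    ' "$1"
}

# Puts the exception ahead of the first RewriteCond/RewriteRule, so it cannot
# land between a RewriteCond and the rule that condition belongs to.
# Keeps a .bak copy; returns non-zero if the file has no rewrite rules at all.
ensure_acme_rule() {
    [ "$(acme_rule_status "$1")" = "ok" ] && return 0
    cp -p "$1" "$1.bak" || return 1
    tmp=$(mktemp) || return 1
    RULE="$ACME_RULE" awk '
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line) }
        line == ENVIRON["RULE"] { next }    # drop a misplaced copy
        !done && line ~ /^Rewrite(Cond|Rule)[ \t]/ { print ENVIRON["RULE"]; done = 1 }
        { print }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"    # cat keeps owner and mode of the original
    rm -f "$tmp"
    [ "$(acme_rule_status "$1")" = "ok" ]
}

# Usage: ./ensure-acme-rule.sh /path/to/espocrm/.htaccess   (path is an assumption)
if [ "$#" -gt 0 ]; then
    ensure_acme_rule "$1"
fi
```

Running it after each EspoCRM upgrade, or ahead of the scheduled renewal, restores the exception before the HTTP challenge is attempted.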

  • #2
    Since there are still no answers concerning your question specifically, I thought I'd throw in my 2 cents.

    Personally I would not give Espo or any other application direct access to 80/443 ports.
    Have you considered getting your apps behind a reverse proxy? (Nginx, Nginx Proxy Manager, Caddy, HaProxy, Traefik etc.)
    This would solve your htaccess issues as well as give you the ability to host multiple apps on the same server/IP, but with a different domain.
    You would get an easy GUI to manage certs and domains; load balancing, caching, etc. will be a bonus as well.



    • #3
      Could anyone tell me what the procedure is to simply renew a Let's Encrypt certificate on EspoCRM when I choose to install with Docker?
