[SOLVED] Vesta + Let's Encrypt + Drupal Multisite authorization problem while issuing certificate
I have a Drupal multisite installation with Vesta and Let's Encrypt. The problem is that when I try to issue a certificate for a domain included in the multisite I get the following error:
Code:
Failed authorization procedure. WWW.MY-DOMAIN.COM (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://WWW.MY-DOMAIN.COM/.well-known/acme-challenge/0VLqD9bONDUvfoRB8vnRsvLqqznZsKgooYDE8QDE9xE [MY-IP-HERE]: 404, MY-DOMAIN.COM (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://MY-DOMAIN.COM/.well-known/acme-challenge/f9aEPtCrIRortvYqQtoTaYNHNVGkE3QvGfTadvNzuPY [MY-IP-HERE]: 404
I found somewhere that there was an issue with the Drupal .htaccess, but I got the error above with the .htaccess disabled and without, so it has to be something else.
The command I used to issue the Let's Encrypt certificate was:
Code:
letsencrypt --webroot -w /home/admin/web/MY-DOMAIN.COM/public_html/ -d MY-DOMAIN.COM -d WWW.MY-DOMAIN.COM --agree-tos --email [email protected] --verbose
I tried to issue certificates for my main multisite domain and for other domains as well but all failed. On the other hand, certificates issued for other domains (not included in the multisite) are working fine.
Re: [SOLVED] Vesta + Let's Encrypt + Drupal Multisite authorization problem while issuing certificate
After a lot of searching and experimentation I found the answer. Actually there are two parameters that should be taken into consideration by those who crave a Drupal multisite + Vesta + Let's Encrypt.
1. Before trying to install any certificate in your Drupal multisite, go to your apache2.conf and undo any changes you might have made to the Document Root. Otherwise the Let's Encrypt apache plugin will be unable to find the actual webroot to install the certificate. If you do not do this you will probably end up with Let's Encrypt generating some 404 error about not finding some files in the .well-known/acme-challenge folder. After successfully issuing the certificates you can repair your apache2.conf document root for your multisite.
2. If you wish to install a Let's Encrypt certificate in the main site of your Drupal multisite you should temporarily disable your .htaccess. If you do not, a 403 error about authentication authorization appears. So you should rename your .htaccess to something else, issue the certificate with the normal process and then fix the .htaccess back. If you need more on this issue read here https://community.letsencrypt.org/t/dru ... ation/3014.
Re: [SOLVED] Vesta + Let's Encrypt + Drupal Multisite authorization problem while issuing certificate
You should be able to avoid having Drupal's (or any other app's) rewrites interfere with webroot auth by using a common webroot directory for all of your domains, accessed by an Alias set in your main Apache config. Apache will route requests there before it gets to the site, so the .htaccess will never be parsed.
Create a common directory to use as your webroot for all LE certs, such as /etc/letsencrypt/webroot:
Code:
mkdir -p /etc/letsencrypt/webroot
Then create a letsencrypt.conf file in your Apache conf.d directory (/etc/httpd/conf.d in RHEL, Fedora, CentOS, etc., but it varies with other Linux distros):
Code:
Alias /.well-known/acme-challenge /etc/letsencrypt/webroot/.well-known/acme-challenge
When you request a cert, be sure to specify "--webroot -w /etc/letsencrypt/webroot"
If you're interested in a fully automated solution, check out https://github.com/interbrite/letsencrypt-vesta.
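Added example, not part of the original thread or of the letsencrypt-vesta project: a pre-flight check for the webroot setups discussed above. It drops a throwaway file into the challenge directory and fetches it over plain HTTP from each domain, so a 404 or 403 shows up before the Let's Encrypt client is run. The names acme_preflight and http_get are hypothetical, and curl is assumed to be installed.

```shell
#!/bin/sh
# Added example: pre-flight check for http-01 webroot validation.

# http_get URL OUTFILE: save the response body to OUTFILE and print the HTTP
# status code. Hypothetical helper; redefine it to test without a network.
# Redirects are not followed, so a 3xx is reported with its status code.
http_get() {
    curl -s -o "$2" -w '%{http_code}' --max-time 10 "$1"
}

# acme_preflight WEBROOT DOMAIN...
# Returns 0 if every domain serves the test file, 1 if any does not,
# 2 if the test file could not be created.
acme_preflight() {
    webroot=$1; shift
    dir="$webroot/.well-known/acme-challenge"
    token="preflight-$$-$(date +%s)"      # constructed, throwaway file name
    out=$(mktemp) || return 2
    mkdir -p "$dir" && printf '%s' "$token" > "$dir/$token" || {
        rm -f "$out"; return 2
    }
    rc=0
    for domain in "$@"; do
        : > "$out"
        url="http://$domain/.well-known/acme-challenge/$token"
        status=$(http_get "$url" "$out") || status=${status:-000}
        if [ "$status" = 200 ] && [ "$(cat "$out")" = "$token" ]; then
            echo "OK   $domain"
        else
            echo "FAIL $domain (HTTP $status)"
            rc=1
        fi
    done
    rm -f "$dir/$token" "$out"
    return "$rc"
}

# Usage with the paths from this thread (my-domain.com is the thread's placeholder):
#   acme_preflight /etc/letsencrypt/webroot my-domain.com www.my-domain.com
```

A 404 here points at the webroot or Alias mapping, a 403 at access rules such as the .htaccess mentioned earlier in the thread.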
Re: [SOLVED] Vesta + Let's Encrypt + Drupal Multisite authorization problem while issuing certificate
kodiak wrote: You should be able to avoid having Drupal's (or any other app's) rewrites interfere with webroot auth by using a common webroot directory for all of your domains, accessed by an Alias set in your main Apache config. Apache will route requests there before it gets to the site, so the .htaccess will never be parsed.
Sounds great! I will test it as soon as possible in a clean Debian 8 + Vesta + Drupal 7 installation and then I will try it out with WordPress and Joomla.
Can you tell me the command you use for issuing certificates?
I am using (with the .htaccess workaround and a letsencrypt native installation in Debian 8 Testing)
Code:
letsencrypt --webroot -w /home/admin/web/my-domain.com/public_html/ -d my-domain.com -d http://www.my-domain.com --agree-tos --email [email protected] --verbose
This way it works, but at some point I am getting a "semi-error" about no VHOST found and I have to choose between the defaults. I press cancel all the time (I didn't want to mess with any of the default files even though I think they are not being used by Vesta) but then I get "Congratulations" about my new successfully issued certificate.
Is there anything we can do here? A workaround for the wizard to find the correct VHOST, or is it not even necessary? I assume that this problem will remain even with your solution since it is about vhost.
Re: [SOLVED] Vesta + Let's Encrypt + Drupal Multisite authorization problem while issuing certificate
You should add "certonly" to the end of your command. That way the Let's Encrypt client will handle the certificate generation, but it won't try to update your Apache and/or Nginx configurations.
Also, not sure it makes a difference, but you should be specifying only domain names, not URLs, for your -d (domain) flags. For example:
Code:
-d my-domain.com -d www.my-domain.com
Since you asked, here's the command I use:
Code:
letsencrypt-auto -t --renew-by-default --agree-tos --webroot -w /etc/letsencrypt/webroot \
    --server https://acme-v01.api.letsencrypt.org/directory -d my-domain.com,www.my-domain.com \
    -m [email protected] certonly
Re: [SOLVED] Vesta + Let's Encrypt + Drupal Multisite authorization problem while issuing certificate
LetsEncrypt support added.
CLI commands for now, GUI will be later.
Code:
v-add-letsencrypt-domain USER DOMAIN [ALIASES] [RESTART]
v-add-letsencrypt-user USER [EMAIL]
v-check-letsencrypt-domain USER DOMAIN
v-list-letsencrypt-user USER [FORMAT]
v-sign-letsencrypt-csr USER DOMAIN CSR_DIR [FORMAT]
v-update-letsencrypt-ssl
ENG: viewtopic.php?t=11927
RUS: viewtopic.php?t=11905