
Question Password protection - except for subfolder?

DerekTP

New Pleskian
I have a site hosted on Windows with Plesk. I need to both password-protect the root folder, but also wish to use "Let's Encrypt" SSL encryption. Once the password protection is on, attempts to renew the certificate fail because the request to the challenge in /.well-known folder is forbidden due to lack of password. Is there a way around this (explicitly removing protection for the subdirectory); if not I will need to disable the password protection, renew the certificate, then re-enable protection; can I do that without losing all the username/passwords?
 
Answering part of my own question, in case it helps others... haven't found a way to have an unprotected subfolder under a password-protected root; but a workaround to manually renew the certificates is as follows (all in Plesk)
  1. Go to Password Protected directories
  2. Click on the name of the protected root directory - this will list the names of the users
  3. Click on "directory settings" - this shows the directory path and the title you've given it
  4. Change the path ("directory name") to a non-existent directory, and click OK
  5. Plesk removes the protection for the root folder; you can now go back to Websites & Domains, and click on Let's Encrypt
  6. Click "renew" at the bottom of the page; this process takes quite a few seconds
  7. When confirmed that renewal of the SSL certificate is complete, repeat steps 1 - 4 above but change the directory path back to the original (just / for the root folder)
This temporarily removes the password protection and allows you to manually trigger renewal of the certificate.

A further issue I've found with SSL renewal is if you have automatic redirection from http: to https: enabled (in IIS Settings, Require SSL/TLS is checked). The renewal process verifies by calling a page over http, and doesn't follow the automatic redirection; renewal therefore fails. You'd need to uncheck the Require SSL/TLS checkbox temporarily, then do a manual renew of your certificate.
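
A pre-renewal check for the two obstacles described in the posts above, as an added example that is not part of the original thread: it sends one unauthenticated plain-HTTP request to the challenge directory, does not follow redirects, and reports what is in the way. The probe file name, the result labels and the advice strings are assumptions made for this example.

```python
import http.client
import sys

# Assumed probe name; any path under the ACME HTTP-01 challenge directory works.
PROBE_PATH = "/.well-known/acme-challenge/preflight-probe"

# Advice strings paraphrase the workarounds given in the thread.
ADVICE = {
    "auth-required": "password protection covers the challenge path; lift it before renewing",
    "forbidden": "request refused; check password protection and Require SSL/TLS",
    "redirect-https": "plain HTTP is redirected to HTTPS; the thread reports renewal failing here",
    "redirect-other": "redirected elsewhere; inspect the Location header",
    "reachable": "challenge directory answers without credentials",
    "unexpected": "unexpected status; inspect the server manually",
}

def classify(status, headers):
    """Classify an unauthenticated plain-HTTP response (header names lowercased)."""
    if status == 401 or "www-authenticate" in headers:
        return "auth-required"
    if status == 403:
        return "forbidden"
    if 300 <= status < 400:
        target = headers.get("location", "").lower()
        return "redirect-https" if target.startswith("https://") else "redirect-other"
    if status in (200, 404):
        # 404 is the normal result: the probe file does not exist, but nothing blocked us.
        return "reachable"
    return "unexpected"

def probe(host, port=80, timeout=10):
    """Send one GET over plain HTTP; http.client never follows redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", PROBE_PATH, headers={"User-Agent": "acme-preflight"})
        resp = conn.getresponse()
        resp.read()
        headers = {name.lower(): value for name, value in resp.getheaders()}
        return classify(resp.status, headers)
    finally:
        conn.close()

if __name__ == "__main__":
    # Usage: python preflight.py example.com
    result = probe(sys.argv[1])
    print(f"{result}: {ADVICE[result]}")
    sys.exit(0 if result == "reachable" else 1)
```

Run it before a renewal and again after re-enabling protection: the second run should report `auth-required` or `forbidden`, confirming the root folder is protected again.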
 