• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question Password protection - except for subfolder?

D

DerekTP

New Pleskian
I have a site hosted on Windows with Plesk. I need to both password-protect the root folder, but also wish to use "Let's Encrypt" SSL encryption. Once the password protection is on, attempts to renew the certificate fail because the request to the challenge in /.well-known folder is forbidden due to lack of password. Is there a way aournd this (explicitly removing protection for the subdirectory); if not I will need to disable the password protection, renew the certificate, then re-enable protection; can I do that without losing all the username/passwords?
 
Answering part of my own question, in case it helps others... haven't found a way to have an unprotected subfolder under a password-protected root; but a workaround to manually renew the certificates is as follows (all in Plesk)
  1. Go to Password Protected directories
  2. Click on the name of the protected root directory - this will list the names of the users
  3. Click on "directory settings" - this shows the directory path and the title you've given it
  4. Change the path ("directory name") to a non-existent directory, and click OK
  5. Plesk removes the protection for the root folder; you can now go back to Websites & Domains, and click on Let's encrypt
  6. Click "renew" at the bottom of the page; this process takes quite a few seconds
  7. When confirmed that renewal of the SSL certificate is complete, repeat steps 1 - 4 above but change the directory path back to the original (just / for the root folder)
This temporarily removes the password protection and allows you to manually trigger renewal of the certificate.

A further issue I've found with SSL renewal is if you have automatic redirection from http: to https: enabled; (in IIS Settings, Require SSL/TLS is checked). The renewal process verifies by calling a page over http, and doesn't follow the automatic redirection; renewal therefore fails. You'd need to uncheck the Require SSL/TLS checkbox temporarily, then do a manual renew of your certificate.
 
You must log in or register to reply here.

Similar threads

R
Issue Problem let´s Encrypt and DNS AAAA. IP6
Replies
1
Views
1K
scsa20
scsa20
C
Issue Advisor warning about SSL (tuneup)
Replies
1
Views
549
Ch3vr0n
C
S
Issue Let's Encrypt uses wrong ACME challenge type
Replies
1
Views
6K
mr-wolf
M
T
Resolved Let's encrypt Certs doe not get renewed and cannot be issued
Replies
3
Views
3K
whyicantgetin
W
ServerObserver
Issue Let's Encrypt extension can not issue or renew certs: error 400
Replies
2
Views
6K
merkwebs
M
Back
Top