Hi,
I have a live web server running mydomain.com just fine.
I want to start working on an updated site which for now I will call new.mydomain.com. I created a new Ubuntu 22.04 VM on Azure and installed CyberPanel 2.3 Build 5 from script. For now this development server will only run the temporary domain, but eventually it will become the live server.
On the new server, I created host mydomain.com.
In OpenLiteSpeed > Listeners, I added the new.mydomain.com domain for both Default and SSL listeners. I can successfully resolve the “CyberPanel Installed” default page at http://new.mydomain.com.
Now I follow How to fix SSL issues in CyberPanel - Knowledge Base to try to manually create a cert for my new subdomain:
sudo /root/.acme.sh/acme.sh --issue -d new.mydomain.com --cert-file /etc/letsencrypt/live/mydomain.com/cert.pem --key-file /etc/letsencrypt/live/mydomain.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mydomain.com/fullchain.pem -w /home/mydomain.com/public_html --server letsencrypt --force --debug
Everything looks fine–the /home/mydomain.com/public_html/.well-known/acme-challenge folder is created and the token is in the folder–but then LiteSpeed fails to serve the file, instead returning a 404 error. In fact, if I put a test file in that folder, I get a 404 error. But if I rename 'acme-challenge" to “acme-challenge2”, the test file is served no problem. Access log excerpts:
Let' Encrypt gets 404:
"23.178.112.211 - - [18/Jul/2024:22:55:45 +0000] "GET /.well-known/acme-challenge/zRQZ7A3nUaCIhzek4z_AS9NYDC3vI-FTMV3cjVwFEAM HTTP/1.1" 404 711 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)""
"162.239.101.22 - - [18/Jul/2024:22:56:33 +0000] "GET /.well-known/acme-challenge/zRQZ7A3nUaCIhzek4z_AS9NYDC3vI-FTMV3cjVwFEAM HTTP/1.1" 404 711
"23.178.112.100 - - [18/Jul/2024:22:57:19 +0000] "GET /.well-known/acme-challenge/dydMA12q_nQMhcojYWoHC1O5MI4MkS5BnQtiAMXGaN4 HTTP/1.1" 404 711 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)""
"57.154.54.210 - - [18/Jul/2024:22:57:22 +0000] "GET /.well-known/acme-challenge/dydMA12q_nQMhcojYWoHC1O5MI4MkS5BnQtiAMXGaN4 HTTP/1.1" 404 1249 "-" "acme.sh/3.0.8 (https://github.com/acmesh-official/acme.sh)""
"162.239.101.22 - - [18/Jul/2024:22:57:54 +0000] "GET /.well-known/acme-challenge/dydMA12q_nQMhcojYWoHC1O5MI4MkS5BnQtiAMXGaN4 HTTP/1.1" 404 711
/.well-known/test.html works:
"162.239.101.22 - - [18/Jul/2024:23:14:54 +0000] "GET /.well-known/test.html HTTP/1.1" 200 4
/.well-known/acme-challenge/test.html gets 404:
"162.239.101.22 - - [18/Jul/2024:23:15:17 +0000] "GET /.well-known/acme-challenge/test.html HTTP/1.1" 404 711
Renamed folder /.well-known/acme-challenge2/test.html works:
"162.239.101.22 - - [18/Jul/2024:23:45:42 +0000] "GET /.well-known/acme-challenge2/test.html HTTP/1.1" 200 4
It’s like LiteSpeed is intercepting any attempt to access acme-challenge and blocking it.
It seems this was reported two years ago but not resolved:
How do I get a cert for my temporary subdomain?