Reputation: 1329
Lets Encrypt 403 - The client lacks sufficient authorization. Drupal 7 Site
When trying to generate the LetsEncript cert I am getting the following 403.
[ec2-user@myip html]$ /opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/html -d example.com -d www.example.com --config /etc/letsencrypt/config.ini --agree-tos Checking for new version... Requesting root privileges to run letsencrypt... sudo /home/ec2-user/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/html/myroot -d example.com -d www.example.com --config /etc/letsencrypt/config.ini --agree-tos Version: 1.1-20080819 Version: 1.1-20080819 Failed authorization procedure. mydomain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/IDug1d_rT8rZNPQQfdsgfdgsdfBKRJaHMTa3kulh4HnQ [52.30.98.10]: 403
IMPORTANT NOTES: - The following errors were reported by the server:
Domain: mydomain.com Type: unauthorized Detail: Invalid response from http://example.com/.well-known/acme-
challenge/IDug1d_rT8rZNPQQkjsdgfdgdfggdfajhsTa3kulh4HnQ
[52.30.98.101]: 403To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
Upvotes: 1
Views: 3119
Answers (2)
Reputation: 66
How to Configure Let’s Encrypt on Drupal
To make your Drupal site work with Let’s Encrypt, below are the changes require in the htaccess file.
This line:
<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
Swapped by this line:
<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
And, this line:
RewriteRule "(^|/)\." - [F]
Swapped by this line:
RewriteRule "(^|/)\.(?!well-known)" - [F]
Source: https://support.cloudways.com/configure-drupal-lets-encrypt/
Upvotes: 5
Reputation: 1329
It turned out that Drupal's .htaccess file (rightly so) was not allowing the hidden file to be accessed. I temporarily renamed the .htaccess file to .temphtaccess and the authorisation worked.
/opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/html/myroot -d example.com -d www.example.com --config /etc/letsencrypt/config.ini --agree-tos Checking for new version... Requesting root privileges to run letsencrypt... sudo /home/ec2-user/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/html/myroot -d example.com -d www.example.com --config /etc/letsencrypt/config.ini --agree-tos Version: 1.1-20080819 Version: 1.1-20080819
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/example.com/fullchain.pem. Your cert will expire on 2016-07-17. To obtain a new version of the certificate in the future, simply run Let's Encrypt again. - If you like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Upvotes: 0
Related Questions
- Nginx configuration, folder permissions and lets-encrypt
- Regex in If condition in apache configuration (let's encrypt configuration for renewal certificate)
- I ran "certbot delete --cert-name". Failed to restart Nginx
- Change webroot-path of registered letsencrypt cert
- LetsEncrypt and CakePhp issue