le2ispc icon indicating copy to clipboard operation
le2ispc copied to clipboard

Published 20 hours ago verified publisher icon sjau

disable Apache mod_proxy/proxyhttp while authorisation

Open Pappmann opened this issue 9 years ago • 10 comments

I have a nodebb Forum running on my domain with running on another port.

with Apache directives "ProxyPass/ProxyPassReverse" failed authorisation:

/le2ispc# le2ispc mydomain.tld
PHP Notice:  Array to string conversion in /le2ispc/le2ispc on line 52
1. Get the domain name(s): mydomain.tld Array.
2. Query MySQL whether it's a vhost.
3. Prepare Server for webroot authentication.
4. Run Let's Encrypt Tool
Failed authorization procedure. www.mydomain.tld (http-01): rn:acme:error:unauthorized ::
The client lacks sufficient authorization :: 
Invalid response from http://www.mydomain.tld/.well-known/acme-challenge
/PWn8pH2kpnSC4vLlUu8nG57sFpITVviVGFuR3rC7v9Y [12.23.456.890]: 503, mydomain.tld
(http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid
response from http://mydomain.tld/.well-known/acme-challenge
/WLKx2vFYGaGx6hJ0qFrsMBI3dOsVadS-ABobgui6kk [12.34.567.890]: 503
Sorry, there was some error. Please check:
Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --text --agree-tos --renew-by-default --rsa-key-size 4096 --email [email protected] -d mydomain.tld -d www.mydomain.tld -a webroot --webroot-path /var/www/ certonly
IMPORTANT NOTES:
 - The following 'urn:acme:error:unauthorized' errors were reported by the server:

Domains: mydomain.tld, www.mydomain.tld
Error: The client lacks sufficient authorization

after deleting "ProxyPass/ProxyPassReverse" its working:

/le2ispc# le2ispc mydomain.tld
PHP Notice:  Array to string conversion in /le2ispc/le2ispc on line 52
1. Get the domain name(s): mydomain.tld Array.
2. Query MySQL whether it's a vhost.
3. Prepare Server for webroot authentication.
4. Run Let's Encrypt Tool
5. Read SSL info into vars.
6. Insert SSL info via API.
Done.

please add feature to temporarily disable Apache ProxyPass while running le2ispc/le2ispc_renewer script.

Pappmann avatar Jan 06 '16 02:01 Pappmann

not really sure what proxypass is? is that related to the apache mod_proxy?

sjau avatar Jan 11 '16 13:01 sjau

Yes is apache mod_proxy

Pappmann avatar Jan 12 '16 08:01 Pappmann

I added an option in https://github.com/sjau/le2ispc/commit/929daf4d6d3571e68f57127d60fc619b93a30d64

  • didn't test it though but it should work.

sjau avatar Jan 14 '16 12:01 sjau

Do not release anything untested. explode() needs two parameters, first being the delimiter.

wzurborg avatar Jan 14 '16 13:01 wzurborg

I tested it... in my brain :) How could I miss the 2 params for explode.. I've used them so often... anyway, fixed.

sjau avatar Jan 14 '16 13:01 sjau

@Pappmann

Does it work now for you?

sjau avatar Jan 28 '16 07:01 sjau

i will test it soon

Pappmann avatar Jan 31 '16 18:01 Pappmann

Does it work meanwhile?

sjau avatar Feb 23 '16 09:02 sjau

disabling modules "proxy_http,proxy_html" is working but there is error:

 Invalid response from http://www.my-domain.com/.well-known/acme-challenge/....  500 and 404

Re-enable the disabled modules is working only, when script is running succesfull, if not, i have to enable it manually.

The webspace is not available with disabled proxy modules, because apache wants to follow the apache directives. Is there any idea to disable apache directives in ispc when script is running?

If any Redirect in ISPC is configured, then script does not work too.

Pappmann avatar Mar 06 '16 21:03 Pappmann

Did you get it to work meanwhile?

sjau avatar Sep 28 '16 09:09 sjau