search

plesk / letsencrypt-plesk

Let’s Encrypt extension for Plesk gives all Plesk users the power to get a free Let’s Encrypt certificate with just a couple of clicks.
https://www.plesk.com/extensions/letsencrypt/
180 stars 25 forks source link

Patch: Allow challenge for protected webroot #198

Open HolySmoke86 opened 6 years ago

HolySmoke86 commented 6 years ago

I have a few webs that protect their Webroot via the "Protected Dirs" config (nginx auth_basic). This prevents letsencrypt from accessing the ACME challenge response. The following patch changes the template generation of per-vhost nginx configuration files to disable basic auth for the .well-known/acme-challenge directory:

--- /opt/psa/admin/conf/templates/default/domain/service/nginxProtectedDirectories.php.orig 2018-02-06 12:55:48.586891199 +0100
+++ /opt/psa/admin/conf/templates/default/domain/service/nginxProtectedDirectories.php  2018-02-06 12:54:48.034348146 +0100
@@ -13,6 +13,12 @@
         auth_basic "<?php echo strlen($directory['realm']) > 0 ? $directory['realm'] : ' ' ?>";
         auth_basic_user_file "<?php echo $directory['authFile'] ?>";

+       <?php if (ltrim($directory['relativePath'] . '/', '/') == ''): ?>
+       location ~ \.well-known/acme-challenge {
+           auth_basic off;
+       }
+       <?php endif ?>
+
     <?php if ($VAR->domain->physicalHosting->php && $VAR->domain->physicalHosting->proxySettings['nginxServePhp']): ?>

         location ~ \.php(/.*)?$ {