Let'sEncrypt plugin bug + mpm-itk

  • Hi all


    I have found one big problem with the Let'sEncrypt plugin with the mpm-itk module.
    The plugin creates a shared folder under /var/www with rights www-data:www-data. The main problem is that this folder is unreadable from client domains, because mpm-itk prevents reading any files that do not comply with the client user ID and group ID. Any web call just gets 403 Forbidden, and in this case cert issuing does not work at all.


    A possible solution is to create .well-known/acme-challenge dirs under each client home folder and direct all domains and subdomains registered under this client account to this folder. I do not know if it is possible, but it sounds like a solution.


    P.S. Sorry for the wrong thread category. I think this thread should be under Plugins Support.

    Edited once, last by LuxSIte: thread category miss.

  • After a quick investigation I have found a quick solution which works like a charm under Apache/2.4.10 (Debian 8).
    1. Uninstall the LetsEncrypt plugin
    2. Modify the file: /var/www/imscp/gui/plugins/LetsEncrypt/templates/LetsEncrypt.conf

    Code
        Alias /.well-known/acme-challenge {APACHE_WWW_DIR}/LetsEncrypt/.well-known/acme-challenge
        <Directory {APACHE_WWW_DIR}/LetsEncrypt>
            {AUTHZ_ALLOW_ALL}
            <IfModule mpm_itk_module>
                AssignUserID www-data www-data
            </IfModule>
        </Directory>

    3. Install the plugin again
    4. {APACHE_WWW_DIR}/LetsEncrypt/.well-known/acme-challenge - each directory in the path LetsEncrypt/.well-known/acme-challenge should exist and be chowned to www-data:www-data

    Edited once, last by LuxSIte: corrections.
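
Added example (not part of the posts above, and not code from the plugin): a shell check for step 4 of the workaround, confirming that every directory in LetsEncrypt/.well-known/acme-challenge exists and is owned by www-data:www-data. It assumes GNU stat (as on Debian); the function name check_acme_path and the world-writable test are additions of this example.

```shell
#!/bin/sh
# Added example, not from the thread or the LetsEncrypt plugin.
# Usage: check_acme_path BASE [USER] [GROUP]
#   BASE is the directory that {APACHE_WWW_DIR} expands to (e.g. /var/www).
# Prints one line per problem and returns non-zero if any check fails.
# The function body is a subshell, so its variables stay local.
check_acme_path() (
    base="$1"
    user="${2:-www-data}"
    group="${3:-www-data}"
    path="$base"
    rc=0

    for part in LetsEncrypt .well-known acme-challenge; do
        path="$path/$part"

        # Step 4: every directory in the path has to exist.
        if [ ! -d "$path" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi

        # Step 4: owner and group must match the AssignUserID pair.
        owner=$(stat -c '%U:%G' "$path")
        if [ "$owner" != "$user:$group" ]; then
            echo "OWNER    $path is $owner, expected $user:$group"
            rc=1
        fi

        # Extra hardening check (an addition, not from the thread):
        # a last octal digit of 2, 3, 6 or 7 means world-writable.
        mode=$(stat -c '%a' "$path")
        case "$mode" in
            *[2367])
                echo "WRITABLE $path is world-writable (mode $mode)"
                rc=1
                ;;
        esac
    done

    [ "$rc" -eq 0 ]
)

# Run the check only when the script is called with arguments.
if [ "$#" -gt 0 ]; then
    check_acme_path "$@"
fi
```

Run it as `sh check_acme.sh /var/www` after reinstalling the plugin; no output and exit status 0 mean the path matches what step 4 requires.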

  • Normally itk should work like the others because we're not using any PHP. I'll investigate, thx for your report.