I've been testing the hosting_le module with apache, but kept getting 403 forbidden when validating the challenges. It seems that for the Alias directives added in ccce1ca to work we also need to allow access to the /var/aegir/tools/le/.acme-challenges directory.

I didn't know if this belonged here or in hosting_le, but since the Alias directives were added in the config template files I'm reporting it here.


Comments

mpv created an issue.

mpv:

Here's a patch that is working for me.

mpv:

Status: Active » Needs review

  • omega8cc committed 7bff65d on 7.x-3.x authored by mpv
    Issue #2730977 by mpv: 403 Forbidden for hosting_le acme challenges
    
omega8cc:

Status: Needs review » Fixed

Good catch. Thanks for the patch!

ergonlogic:

Status: Fixed » Needs work

Please revert that commit. As in #2731605: Hardcoded hosting_le code limits behavior with regards to the .well-known directory, this should really be in implementations of drush_hook_provision_nginx_dir_config(), and the Apache equivalent, that live in hosting_le.module.

mpv:

Ok, I agree.

I've started testing with this hook in hosting_le (only apache), will play with it a little more when I get the time.

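<?php
/**
 * Apache vhost config hook for hosting_le: returns the extra lines to add to
 * the vhost so the ACME challenge directory is reachable.
 */
function provision_hosting_le_provision_apache_vhost_config($uri, $data) {
  $aegir_root = d('@server_master')->aegir_root;
  $vhost = array();

  // Map the ACME challenge URL onto the shared challenges directory.
  $vhost[] = 'Alias /.well-known/acme-challenge ' . $aegir_root . '/tools/le/.acme-challenges';
  $vhost[] = '# Allow access to hosting_le challenges directory.';
  // "Require all granted" is Apache 2.4 syntax. Without a grant on the Alias
  // target, requests for challenge files are answered with 403 Forbidden.
  $vhost[] = '<Directory "' . $aegir_root . '/tools/le/.acme-challenges">';
  $vhost[] = '  Require all granted';
  $vhost[] = '</Directory>';

  return $vhost;
}
?>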

Thanks for the review.

omega8cc:

@mpv -- we have implemented this in hosting_le instead.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.
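
Added example (not part of this thread, and not code from provision or hosting_le): a small Python check for the misconfiguration reported in this issue, an Alias whose target directory has no access grant. It assumes Apache 2.4 "Require all" syntax and a server-wide default of "Require all denied"; the function names and the two sample configs are constructed for illustration.

```python
import re

ALIAS_RE = re.compile(r'^\s*Alias\s+(\S+)\s+"?([^"\s]+)"?\s*$', re.I)
DIR_OPEN_RE = re.compile(r'^\s*<Directory\s+"?([^">]+?)"?\s*>', re.I)
DIR_CLOSE_RE = re.compile(r'^\s*</Directory>', re.I)
REQUIRE_RE = re.compile(r'^\s*Require\s+all\s+(granted|denied)\s*$', re.I)


def parse(conf):
    """Return (aliases, rules): (url, path) pairs and {directory: granted?}."""
    aliases, rules, current = [], {}, None
    for line in conf.splitlines():
        if line.lstrip().startswith("#"):
            continue
        if (m := ALIAS_RE.match(line)):
            aliases.append((m.group(1), m.group(2).rstrip("/")))
        elif (m := DIR_OPEN_RE.match(line)):
            current = m.group(1).rstrip("/") or "/"
        elif DIR_CLOSE_RE.match(line):
            current = None
        elif current is not None and (m := REQUIRE_RE.match(line)):
            rules[current] = m.group(1).lower() == "granted"
    return aliases, rules


def is_granted(path, rules):
    """The most specific <Directory> covering path wins; no match means denied."""
    granted = False  # assumption: the server default is "Require all denied"
    for d in sorted(rules, key=len):
        if d == "/" or path == d or path.startswith(d + "/"):
            granted = rules[d]
    return granted


def blocked_aliases(conf):
    """List the (url, path) aliases whose target would be answered with 403."""
    aliases, rules = parse(conf)
    return [(url, path) for url, path in aliases if not is_granted(path, rules)]


# Constructed samples: the Alias on its own, then with the grant from the thread.
ALIAS_ONLY = "Alias /.well-known/acme-challenge /var/aegir/tools/le/.acme-challenges\n"
WITH_GRANT = ALIAS_ONLY + '''<Directory "/var/aegir/tools/le/.acme-challenges">
  Require all granted
</Directory>
'''

if __name__ == "__main__":
    for name, conf in (("alias only", ALIAS_ONLY), ("with grant", WITH_GRANT)):
        print(name, "->", blocked_aliases(conf))
```

The check only reads literal Directory blocks in the text it is given, so run it over the fully assembled vhost rather than a single include.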