1
votes

When trying to generate the Let's Encrypt cert I am getting the following 403.

[ec2-user@myip html]$ /opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/html -d example.com -d www.example.com --config /etc/letsencrypt/config.ini --agree-tos
Checking for new version...
Requesting root privileges to run letsencrypt...
sudo /home/ec2-user/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/html/myroot -d example.com -d www.example.com --config /etc/letsencrypt/config.ini --agree-tos
Version: 1.1-20080819
Version: 1.1-20080819
Failed authorization procedure. mydomain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/IDug1d_rT8rZNPQQfdsgfdgsdfBKRJaHMTa3kulh4HnQ [52.30.98.10]: 403

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mydomain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://example.com/.well-known/acme-challenge/IDug1d_rT8rZNPQQkjsdgfdgdfggdfajhsTa3kulh4HnQ
   [52.30.98.101]: 403

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.


2 Answers

5
votes

How to Configure Let’s Encrypt on Drupal

To make your Drupal site work with Let’s Encrypt, below are the changes required in the .htaccess file.

This line:

<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">

Swapped by this line:

<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">

And, this line:

RewriteRule "(^|/)\." - [F]

Swapped by this line:

RewriteRule "(^|/)\.(?!well-known)" - [F]

Source: https://support.cloudways.com/configure-drupal-lets-encrypt/
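Added example, not part of the answer above or of Drupal's own code: a check of what the two `RewriteRule` patterns quoted in the answer forbid, run over constructed request paths. Python's `re` stands in for Apache's PCRE (the constructs used behave the same in both), and `TIGHTER` is a hypothetical stricter variant included only for comparison; it shows that the `(?!well-known)` lookahead exempts any dot segment that begins with `well-known`, at any depth, not only the top-level ACME directory.

```python
import re

# RewriteRule patterns quoted in the answer. In .htaccess context Apache runs
# an unanchored search against the request path relative to the directory.
ORIGINAL = r"(^|/)\."
PATCHED = r"(^|/)\.(?!well-known)"
# Assumption (not from the page): a tighter variant that exempts only a
# top-level ".well-known/" directory.
TIGHTER = r"/\.|^\.(?!well-known/)"

# Constructed sample request paths.
SAMPLE_PATHS = [
    "index.php",
    ".well-known/acme-challenge/TOKEN",
    ".git/config",
    "sites/default/.htaccess",
    ".well-known-old/notes.txt",
    "sites/default/files/.well-known/x.txt",
]


def is_forbidden(pattern: str, path: str) -> bool:
    """True if the RewriteRule pattern matches, i.e. [F] returns 403."""
    return re.search(pattern, path) is not None


def has_dot_segment(path: str) -> bool:
    """True if any path segment starts with a dot (hidden file or directory)."""
    return any(seg.startswith(".") for seg in path.split("/"))


def exposed_dot_paths(pattern: str) -> list:
    """Sample paths with a dot-prefixed segment that the rule lets through."""
    return [p for p in SAMPLE_PATHS
            if has_dot_segment(p) and not is_forbidden(pattern, p)]


if __name__ == "__main__":
    for name, pat in [("original", ORIGINAL), ("patched", PATCHED),
                      ("tighter", TIGHTER)]:
        print(f"{name:9} lets through: {exposed_dot_paths(pat)}")
```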

0
votes

It turned out that Drupal's .htaccess file (rightly so) was not allowing the hidden file to be accessed. I temporarily renamed the .htaccess file to .temphtaccess and the authorisation worked.

/opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/html/myroot -d example.com -d www.example.com --config /etc/letsencrypt/config.ini --agree-tos
Checking for new version...
Requesting root privileges to run letsencrypt...
sudo /home/ec2-user/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/html/myroot -d example.com -d www.example.com --config /etc/letsencrypt/config.ini --agree-tos
Version: 1.1-20080819
Version: 1.1-20080819

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/example.com/fullchain.pem. Your cert will
   expire on 2016-07-17. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.
 - If you like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le