Let's Encrypt and CakePHP 2.x


#1

I have a site that was provided to us by a freelancer in CakePHP 2.x. I set it up on our dev server and was able to use certbot to acquire an SSL/TLS Let’s Encrypt certificate without changing anything in his files. We also use certbot for handfuls of Drupal 8 sites on that server without problems. Yet when I tried to transfer it to my live server and run the command sudo certbot --apache -d calculator.360-biz.com I am continuously getting the error:

The following error was encountered:
Saving debug log to /var/log/letsencrypt/letsencrypt.lock
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for calculator.360-biz.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. calculator.360-biz.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://calculator.360-biz.com/.well-known/acme-challenge/QtZSR9fAK7T7xmXxa-iZelSAP_eX-DJgxmko1KdgZRM: "<!DOCTYPE html>\n<html lang=\"en\" dir=\"ltr\" prefix=\"content: http://purl.org/rss/1.0/modules/content/  dc: http://purl.org/dc/term"

I decided to ask here because it seems that this was a big issue for Cake 2.x. I feel like I’ve checked everything out and can’t come to anything. What’s the issue? Permissions should be fine as well. Ownership and mode seem to be perfectly permissive. So first, my simple Apache entry:

<VirtualHost *:80>
ServerName calculator.360-biz.com
DocumentRoot /var/www/html/calculator
DirectoryIndex index.php
CustomLog logs/calc-access_log common
ErrorLog logs/calc-error_log
<Directory "/var/www/html/calculator">
AllowOverride All
Require all granted
Options -Indexes
</Directory>
</VirtualHost>

The contents of my .htaccess in /var/www/html/calculator/ are:

<IfModule mod_rewrite.c>
        RewriteEngine on
        # Uncomment if you have a .well-known directory in the root folder, e.g. for the Let's Encrypt challenge
        # https://tools.ietf.org/html/rfc5785
        RewriteRule ^(\.well-known/.*)$ $1 [L]
        RewriteRule ^$ app/webroot/ [L]
        RewriteRule (.*) app/webroot/$1 [L]
</IfModule>

The contents of .htaccess in /var/www/html/calculator/app:

<IfModule mod_rewrite.c>
        RewriteEngine on
        # Uncomment if you have a .well-known directory in the root folder, e.g. for the Let's Encrypt challenge
        # https://tools.ietf.org/html/rfc5785
        RewriteRule ^(\.well-known/.*)$ $1 [L]
        RewriteRule ^$ app/webroot/ [L]
        RewriteRule (.*) app/webroot/$1 [L]
</IfModule>

And finally the contents of .htaccess in /var/www/html/calculator/app/webroot/:

<IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
        RewriteRule ^(\.well-known/.*)$ $1 [L]
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^ index.php [L]
</IfModule>

EDIT:
Also I verified my DNS is pointing to the right server (done that once or twice). Also verified that the contents of app/Config/settings.php are correct with
define("SITE_URL","http://calculator.360-biz.com");


#2

This is still an issue. Bump in case it was just the holidays that this got ignored.


#3

If you manually place a file in /var/www/html/calculator/.well-known/ (say, test.txt), and then try to access it through your browser as http://calculator.360-biz.com/.well-known/test.txt, what do you get? This should help you debug your .htaccess in a more controlled manner, without needing to keep running certbot.
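
The manual test suggested in #3 can be scripted so it is repeatable after each .htaccess or vhost change. This is an added example, not part of any post in the thread: the function names are hypothetical, and the sample body is constructed from the start of the response quoted in the certbot error in #1.

```shell
#!/bin/sh
# Added example: scripted form of the manual .well-known test from post #3.
# Function names are hypothetical; docroot and hostname are passed as arguments.

# classify_body TOKEN BODY
# Compare what came back over HTTP with what was written to the probe file.
classify_body() {
    if [ "$2" = "$1" ]; then
        echo "served"       # Apache returned the probe file itself
    elif printf '%s' "$2" | grep -qiE '<!DOCTYPE|<html'; then
        echo "html-page"    # a rewrite rule or a different vhost answered with a page
    else
        echo "mismatch"     # something else (plain-text error, empty body, ...)
    fi
}

# probe_well_known DOCROOT HOST
# Write a probe file where the http-01 challenge files live, fetch it by
# hostname the way the validator would, then remove it again.
probe_well_known() {
    pw_token="probe-$$-$(date +%s)"
    pw_name="probe-$$.txt"
    pw_dir="$1/.well-known/acme-challenge"
    mkdir -p "$pw_dir" && printf '%s' "$pw_token" > "$pw_dir/$pw_name" || return 2
    pw_body=$(curl -sSL --max-time 10 \
        "http://$2/.well-known/acme-challenge/$pw_name")
    rm -f "$pw_dir/$pw_name"
    classify_body "$pw_token" "$pw_body"
}

# Constructed sample: beginning of the body quoted in the certbot error in #1.
SAMPLE_BODY='<!DOCTYPE html>
<html lang="en" dir="ltr" prefix="content: http://purl.org/rss/1.0/modules/content/">'

if [ "$#" -eq 2 ]; then
    # Live check, e.g.: ./probe.sh /var/www/html/calculator calculator.360-biz.com
    probe_well_known "$1" "$2"
else
    # Offline demonstration on the constructed sample.
    classify_body "constructed-token" "$SAMPLE_BODY"
fi
```

A result of `html-page` means the request for the probe file was answered by an application page instead of the file on disk, which is the same condition the http-01 validation reported.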