letsencrypt topic about this issue: https://community.letsencrypt.org/t/solution-client-with-the-currently-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983/2
This is due to a security incident with LetsEncrypt
Incident Status Security Issue
Components acme-v01.api.letsencrypt.org (Production), acme-staging.api.letsencrypt.org (Staging), acme-staging-v02.api.letsencrypt.org (Staging)
Locations High Assurance Datacenter 1, High Assurance Datacenter 2
letsencrypt renew output
Detail: Invalid response from
nginx error log
66.133.XXX.XXX - - [11/Feb/2017:09:33:20 +0100] "GET /.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6 HTTP/1.1" 404 247 "http://www.domain.com/.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
“Somehow” my domain root has changed.
I had to take a look at /etc/letsencrypt/renewal/domain.com.conf and fix some paths… 🙂
Spent almost 12h figuring out why a htaccess / htpasswd wasn’t working…
[Mon Apr 04 14:45:45.605734 2016] [authn_file:error] [pid 21193] (13)Permission denied: [client 84.91.XXX.XXX:62465] AH01620: Could not open password file: /home/rocker/public_html/control/data/.htpassw
That was it! File permissions!
I had to enable CGI on this new recent server
sudo a2enmod cgi
sudo service apache2 restart
But I was getting a error script not found or unable to stat
[Mon Nov 30 18:00:32.380748 2015] [cgi:error] [pid 18799] [client 84.91.XXX.XXX:62545] script not found or unable to stat: /usr/lib/cgi-bin/HiPGZ23est4
I had to edit the .conf file
and add the following lines
ScriptAlias /cgi-bin/ /path_to_cgi_folder/cgi-bin/
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Allow from all
and then reload the apache configurations
service apache2 reload
This worked for me.
$new_password = password_hash($old_password, PASSWORD_BCRYPT);
password_hash() creates a new password hash using a strong one-way hashing algorithm. password_hash() is compatible with crypt().
Therefore, password hashes created by crypt() can be used with password_hash().
PASSWORD_BCRYPT – Use the CRYPT_BLOWFISH algorithm to create the hash.
This will produce a standard crypt() compatible hash using the “$2y$” identifier. The result will always be a 60 character string, or FALSE on failure. Supported Options:
You don’t have permission to access /galleries/ on this server.
Remove Apache version signature
On ServerTokens uncomment the line with ServerTokens Prod or add it.
Uncomment the ServerSignature Off entry or add it.
Remove PHP version from headers
I guess that by default they are disabled, but in any case you can remove it by editing the php.ini and set expose_php to off.
sudo nano /etc/php5/apache2/php.ini
So, on my recent DO droplet I had to install Apache (2.4.10) to run a web application for a client.
[email protected]:/home/webroot# apache2 -v
Server version: Apache/2.4.10 (Ubuntu)
Server built: Mar 9 2015 11:53:48
After configuring the subdomain/virtual host I was getting a 403 for it.
This was the error on the error.log…
[Thu Jul 16 21:00:28.919036 2015] [authz_core:error] [pid 17411] [client 84.XXX.XXX.XXX:53565] AH01630: client denied by server configuration: /home/webroot/www/public/index.php
So, this is my current snap of my domain.conf – working -.
Options Indexes FollowSymLinks MultiViews
#allow from all
Require all granted
GoAccess is an open source real-time Apache log analyzer and interactive viewer that runs in a terminal in *nix systems. It provides fast and valuable HTTP statistics for system administrators that require a visual server report on the fly.
All credits go to http://www.ubuntugeek.com/goaccess-visual-apachenginx-log-analyzer.html
Continue reading GoAccess – analyzer and interactive viewer of apache or nginx logs