• turning authentication off in apache for a sub location

    From Popping Mad@21:1/5 to All on Wed May 6 09:58:48 2020
    I am trying to turn off the authentication for a subdirectory that is
    protected by authentication

    admin.bios-living.com

    is protected as a virtual domain

    <VirtualHost *:80>
    ServerName admin.bios-living.com
    ServerAdmin ruben@mrbrklyn.com
    DocumentRoot "/usr/local/apache2/htdocs/admin"
    Alias "/.well-known/acme-challenge/" "/usr/local/apache2/htdocs/tokens/"
    # SSLEngine on
    # SSLOptions +StrictRequire
    # SSLCertificateFile /var/lib/ca-certificates/pem/bios-living.com.crt
    # SSLCertificateKeyFile /etc/ssl/private/bios-living.com.key
    Header set Cache-Control "no-store, must-revalidate"
    Header set Pragma "no-cache"
    Header set Expires "0"

    Options Indexes
    <Files *.html>
    SetHandler perl-script
    PerlResponseHandler Embperl
    </Files>
    <Location "/">
    AuthType basic
    AuthName "admin"
    AuthBasicProvider file
    AuthUserFile "/usr/local/apache2/conf/admin.auth"
    Require valid-user
    Options +Indexes +FollowSymLinks
    </Location>


    Now I need to carve out a resource for letsencrypt without
    authentication and without ssl

    Nothing seems to work

    Alias "/.well-known/acme-challenge/" "/usr/local/apache2/htdocs/tokens/"


    <Location "/.well-known/acme-challenge/">
    Require all granted
    </Location>


    <Directory "/usr/local/apache2/htdocs/tokens/">
    Require all granted
    </Directory>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From tom@21:1/5 to Popping Mad on Fri May 8 15:41:26 2020
    On Wed, 6 May 2020 09:58:48 -0400
    Popping Mad <rainbow@colition.gov> wrote:

    I am trying to turn off the authentication for a subdirectory that is protected by authentication

    admin.bios-living.com

    is protected as a virtual domain

    <VirtualHost *:80>
    ServerName admin.bios-living.com
    ServerAdmin ruben@mrbrklyn.com
    DocumentRoot "/usr/local/apache2/htdocs/admin"
    Alias "/.well-known/acme-challenge/" "/usr/local/apache2/htdocs/tokens/"
    # SSLEngine on
    # SSLOptions +StrictRequire
    # SSLCertificateFile /var/lib/ca-certificates/pem/bios-living.com.crt
    # SSLCertificateKeyFile /etc/ssl/private/bios-living.com.key
    Header set Cache-Control "no-store, must-revalidate"
    Header set Pragma "no-cache"
    Header set Expires "0"

    Options Indexes
    <Files *.html>
    SetHandler perl-script
    PerlResponseHandler Embperl
    </Files>
    <Location "/">
    AuthType basic
    AuthName "admin"
    AuthBasicProvider file
    AuthUserFile "/usr/local/apache2/conf/admin.auth"
    Require valid-user
    Options +Indexes +FollowSymLinks
    </Location>


    Now I need to carve out a resource for letsencrypt without
    authentication and without ssl

    Nothing seems to work

    Alias "/.well-known/acme-challenge/" "/usr/local/apache2/htdocs/tokens/"


    <Location "/.well-known/acme-challenge/">
    Require all granted
    </Location>


    <Directory "/usr/local/apache2/htdocs/tokens/">
    Require all granted
    </Directory>



    Generally what I do is map /.well-known/ to a common directory on the
    system, such as /var/www/well-known; that way the same well-known can be
    used across many virtual hosts. Once you have that set up you can use a
    very simple implementation of ACME such as dehydrated.sh
    https://github.com/dehydrated-io/dehydrated, tell it to put challenge
    files in /var/www/well-known/ and set up a cron job for it (see
    documentation).

    That way you can even manage (at least with NGINX) the entire wellknown
    directly with separate permissions and a simple include
    snippets/acme.conf for sites. I'm sure you could re-implement similar
    functionality in Apache.

    Hope this helps
    Tom


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
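
One way to build the shared-snippet layout from the reply above in Apache 2.4, as an added example that is not part of the original thread. The file name conf/extra/acme.conf and the acme-challenge subdirectory under /var/www/well-known are assumptions; the virtual host is trimmed to the directives that matter for the carve-out.

```apache
# --- conf/extra/acme.conf (hypothetical file name) ---
# Shared challenge directory. /var/www/well-known is the path suggested in the
# reply; the acme-challenge subdirectory is an assumption. Point the ACME
# client's challenge directory (WELLKNOWN in dehydrated's config) at the same path.
Alias "/.well-known/acme-challenge/" "/var/www/well-known/acme-challenge/"

# Filesystem-level grant: serve static token files only, with no listings,
# no symlink following and no .htaccess overrides.
<Directory "/var/www/well-known/acme-challenge/">
    Options None
    AllowOverride None
    Require all granted
</Directory>

# URL-level carve-out: switch authentication off for the challenge path only,
# not for the whole of /.well-known/.
<Location "/.well-known/acme-challenge/">
    AuthType None
    Require all granted
</Location>

# --- httpd.conf ---
<VirtualHost *:80>
    ServerName admin.bios-living.com
    DocumentRoot "/usr/local/apache2/htdocs/admin"

    <Location "/">
        AuthType Basic
        AuthName "admin"
        AuthBasicProvider file
        AuthUserFile "/usr/local/apache2/conf/admin.auth"
        Require valid-user
    </Location>

    # <Location> sections are merged in the order they appear, and sections
    # inside a <VirtualHost> are applied after those outside it. The snippet
    # therefore has to be included inside the virtual host, after
    # <Location "/">; included at server level, it would be overridden by
    # "Require valid-user".
    Include conf/extra/acme.conf
</VirtualHost>
```

The same Include line can be repeated in every virtual host that needs certificates. Running `apachectl configtest` before reloading catches syntax errors in the snippet.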