CPanel SSL Renew on password protected site

We have a site where we host demo websites that we do for our customers. We don’t want search engines to index these sites or strangers to see them. So it is password protected. The problem is Cpanel Auto SSL needs to access URI like /.well-known/ for SSL domain validation. With password protection, SSL domain verification fails and you won’t be able to renew the SSL certificate.

In this post, I am doing it for domain demo.hostonnet.com with Cpanel username hostond.

Redirect HTTP to HTTPS

I want to force all buy SSL verification requests to get redirected to HTTPS. For this, i created a folder

mkdir -p /etc/apache2/conf.d/userdata/std/2_4/hostond/demo.hostonnet.com/

Now create a file

vi /etc/apache2/conf.d/userdata/std/2_4/hostond/demo.hostonnet.com/force-ssl.conf

Add following content to it.

RewriteEngine On 
RewriteCond %{REQUEST_URI} !^/\.well-known/
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

This will redirect all requests that do not start with URI .well-known to HTTPS.

Password Protect site

Since HTTP only allows domain validation (pages inside folder .well-known) and redirects all other requests to HTTPS, we only need to password protect the HTTPS side of the website.

First, create a directory

mkdir -p /etc/apache2/conf.d/userdata/ssl/2_4/hostond/demo.hostonnet.com/

Create file

vi /etc/apache2/conf.d/userdata/ssl/2_4/hostond/demo.hostonnet.com/password.conf

Add following content

    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/demo-hon-htpaswd
    Require valid-user

Setting Password

HTTP Basic authentication password is stored in file /etc/apache2/demo-hon-htpaswd. To set password, use htpasswd command.

To create a user, use

htpasswd -c /etc/apache2/demo-hon-htpaswd admin

This will create a user with the username “admin”. You will be asked to enter a password.

Now restart apache

systemctl restart httpd

See Cpanel Server