
Urgent: cinquepermille.wikimedia.it apache config
Closed, Resolved (Public)

Description

I moved a static version of https://cinquepermille.wikimedia.it/ to the Intreccio server.
The vhost is located in /var/www/cinquex1000/www

The old wp files have been moved to the "oldwp" directory. They should be moved to /var/www/cinquex1000/ before being deleted.

I tried to configure Apache in /etc/apache2/sites-available/it-wikimedia-cinquepermille-ssl.conf by setting the document root, but I still get a 403 error.

Event Timeline

stefano.cannillo created this task.

I can take a look at it in 15 minutes, reaching the headquarters "Fratelli Pummarò"

We created a small hardening script to fix everything and also harden it a bit:

harden.sh
#!/bin/bash

# Give maximum visibility but in read-only for everyone
chmod o+r   -R      /var/www/cinquex1000/www
chown root: -R      /var/www/cinquex1000/www

# Allow to enter in directories
chmod og+x          /var/www/cinquex1000/www

# Give minimum visibility to secretssss shhh
chmod o=            /var/www/cinquex1000/www/sendsms.php

# Give write permissions to some files
chown www-data:     /var/www/cinquex1000/tokens.txt

Bob says hi

asd

sgtm

(I moved the tokens.txt file to the parent directory as tokens.txt.old since it seems it was an old one)

Hi @valerio.bozzolan,
I made some small improvements and I moved all the code here:
https://gitlab.wikimedia.org/nex/wmit-cinquepermille

So I had to "re-import" the project via git and, you know, I had some directory troubles.
I moved the document root to /var/www/cinquex1000/wmit-cinquepermille/www

I modified /etc/apache2/sites-available/it-wikimedia-cinquepermille-ssl.conf to match the correct path and to make the page work.

I think you should create a new .well-known symlink to make the Let's Encrypt renewal script work correctly.
I'm sorry for the inconvenience.

Please take a look to check if it is OK for you.

Tomorrow I'll have Bob tell me about it between one glass of Barbera and the next.

;-)

@valerio.bozzolan could you please check the Certificate renewal system?

Thanks.

I see expiration date Sat, 03 Jun 2023 01:24:13 GMT

Have you done something manually?

I moved the vhost document root, then I had to create a new symlink to the .well-known directory, to make the Let's Encrypt auto renewal work.
I'm not sure about permissions and other possible configurations.

Please check if it works as expected before the expiration date.

Thank you in advance.

I see expiration date Sat, 03 Jun 2023 01:24:13 GMT

Have you done something manually?

Everything was OK, well done

The important thing is that the /.webroot files must be readable by www-data (or just readable by everybody, of course). And that was already OK.

Certbot, to my knowledge, is always root, so no write problems.

I just tested with:

$ certbot renew --cert-name cinquepermille.wikimedia.it --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/cinquepermille.wikimedia.it.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for cinquepermille.wikimedia.it
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/cinquepermille.wikimedia.it/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/cinquepermille.wikimedia.it/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
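
The readability requirement from the last comment, and the 403 from the description, can be checked one path component at a time. This is an added example, not part of the task or of the project's scripts: the function names are hypothetical, and it assumes the web server user is neither owner nor group of the files (as after the `chown root:` in harden.sh), so only the "others" permission bits apply.

```bash
#!/bin/bash
# Added example: find the first path component that blocks an unprivileged
# web server user (assumed to match only the "others" permission bits).

# Print the "others" permission triplet of a path, e.g. "r-x".
other_perms() {
    ls -ld -- "$1" | cut -c8-10
}

# check_world_readable FILE [TOP]
# Resolve symlinks (such as a relocated .well-known), then walk from FILE up
# to TOP (default /). Return 0 if FILE is readable and every directory is
# searchable by "others"; otherwise print the blocking path and return 1.
check_world_readable() {
    local path top
    [ -e "$1" ] || { echo "missing: $1"; return 2; }
    path=$(realpath -- "$1")
    top=$(realpath -- "${2:-/}")

    case $(other_perms "$path") in
        r??) ;;
        *) echo "not world-readable: $path"; return 1 ;;
    esac

    while [ "$path" != "$top" ] && [ "$path" != / ]; do
        path=$(dirname -- "$path")
        case $(other_perms "$path") in
            ??x | ??t) ;;   # "t" is sticky bit plus search, as on /tmp
            *) echo "not world-searchable: $path"; return 1 ;;
        esac
    done
    return 0
}
```

Because the path is resolved first, the directories leading to a symlink itself are not examined, only those of its target.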