Auto SSL failures being caused by Information Disclosure tweak

My Auto-SSL was a failing on a domain that had DNS resolution provided by an external DNS server. This may affect several sites and I will be checking to verify. The certificate error was caused by not being able to write a text file for it to check against: 2:55:15 PM WARN Local HTTP DCV error (mitchholthus.com): The system queried for a temporary file at “http://mitchholthus.com/.well-known/pki-validation/76736A4EE18AD0A6807F09C2D244F6DD.txt”, but the web server responded with the following error: 403 (Forbidden). A DNS (Domain Name System) or web server misconfiguration may exist.

After I manually edited the .htaccess file to remove TXT it started working again. As this is a newer WHM/c-panel feature probably need to have an advanced config option to enter a path to the file for each auto-ssl provider c-panel uses...

  • Ash
    • WordPress Hacker

    Hello Raubin

    Thanks for explaining. Yes, a field for excluding a file from the prevent information disclosure would be a great feature like we have for preventing PHP Execution.

    I have marked this as a feature request so that other members can share their thoughts on this. I have also informed the defender team as well.

    Have a nice day!

    Cheers,
    Ash

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.