Scenario:
I have a Java application that requires some sensitive data to make some connections to services. In an effort to solve the "Do not hard-code credentials" I have created an encrypted handshake between the Java application and a remote server.
The verification is performed by a PHP script that I wrote. It works great using PHP but receives an response code of 403 when using HTTPS. I am unable to reach the script using HTTPS through the Google Chrome and Microsoft Edge browsers as well.
I contacted my server host and their response was that there was a problem with the script and they had done all that they could do. They noted an error in the logs (that I have not been able to access) that stated:
[Mon Jul 23 22:07:18.864507 2018] [:error] [pid 33343] [client 87.118.135.66:56676] Options ExecCGI is off in this directory: /usr/local/apache/htdocs/...
Then the support staff noted:
In my opinion this is an issue with the script itself which might be referencing /usr/local/apache/htdocs/.
After searching around for this option I created a .htaccess
file and added the following lines:
Allow From All
Options +ExecCGI
No change, I have tried many other solutions involving .htaccess
(too many to list here) that have not worked.
I found more solutions that indicated that my permissions were off, so I checked. I moved all of my file permissions up to 755
yet no avail. I even changed the imported file permissions to 755
even though there is no issue with it when using HTTP.
I would rather not post my security script here if I don't have too, so I created an index.php
file in the same directory as my scripts in hopes that I could get something simple like this to respond, yet nothing.
An SSL Wildcard from Let's Encrypt is applied to the parent domain siliconmindtech.com. The test URL in question is:
Not Working
https://piknpak.siliconmindtech.com/index.php
Working
http://piknpak.siliconmindtech.com/index.php
Please advise as this is driving me crazy.
Thanks!
Solved,
The issue was simple, I just misunderstood the technology that I was using. I used Let's Encrypt to create a wildcard on my parent domain that would effect all sub-domains.
Well this did not work out as intended. I was still unable to access my *.siliconmindtech.com
content with HTTPS.
In the effort of solving things I was poking around in my Let's Encrypt CPanel configuration and decided to just add an independent SSL Certificate directly to my sub-domain. Voilà! That made it work.
Thank you to all that viewed this question and commented.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.