I'm using the latest ISPConfig 3.1.15p2, which I upgraded some weeks ago. In the meantime, Debian 9 and PHP 7.0 also had an update. Before updating ISPConfig to the latest version (before pack 1), PHP and the Debian packages, I created a protected folder, which I now cannot access anymore. Today I created a new protected folder with a new user for this folder, and it does not take any effect. I already checked the DB for broken things, all OK. I used another browser and cleared cookies and cache, with the same effect. The old protected folder cannot be accessed, and the new one's protection does not take any effect. In the meantime, the SSL certificate of both folders (domains) was renewed automatically (Let's Encrypt) as well. What is wrong here? How to debug this?
Then you either forgot to enable debug mode or you forgot to comment out the server.sh cronjob; both are described in the link I posted. Another possibility is that you missed adding a new protected folder and protected folder user before you ran the script.

Sorry, my bad. I missed the debug mode. Errors are:
06.11.2019-08:38 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
06.11.2019-08:38 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock

The output shows that you either did not add a new protected folder and folder user right before you ran server.sh or you missed commenting out the server.sh cronjob in root crontab.

Sorry, but I added a folder and also a user. In this case the folder is the / of a domain. And I can see the lines created in the .htaccess as well, and a .htpasswd file was also created. Did it all again this moment, step by step:
Activated debug mode
commented cron
added protection to folder
added user
run the server.sh
Result again:
06.11.2019-09:12 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
06.11.2019-09:12 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished.

OK, that's the correct output now. As you can see, it showed in the log that the user was created. As you checked the .htaccess and password file as well and they contained the right details, there is no issue in ISPConfig itself. Maybe your site uses a .htaccess file or other custom settings which override the password protection in Apache?
You're right. I deleted that and created a new standard WP. Thank you for the help. For the second domain, I will do the same (although it's a simple HTML site with no complicated .htaccess). Delete and recreate new folder protection and password for that via ISPConfig again. Don't know why this is not working as well. Perhaps something with the SSL which was renewed?
I doubt that it is related to SSL, but it might be related to a WP plugin, e.g. a caching plugin or other plugin that edits the .htaccess file.