Protected folders should make an exeption for letsencrypt verification
Currently when you protect /, .well-known/acme-challange
also get's locked out. This makes letsencrypt validation fail.
The following is a workaround for this, I would like to see this implemented in ISPConfig.
If the user has letsencrypt enabled you can use the following:
Apache2 (above require valid-user
in .htaccess):
Require expr %{REQUEST_URI} =~ m#^/.well-known/acme-challenge/#
Nginx (in vhost):
# Exclude let's encrypt location /.well-known { }
If wanted I can submit a merge request for this.