Aem sites locked for anonymous users

I had the same issue and in my case the reason was incorrect sling mapping configuration. Try to remove sling mappings you have in /etc/map/... and check if the author instance will work fine. If it will work fine after removing the sling mapping config then you will have to find out what is wrong with it.

May be you can raise a day care ticket (Adobe Support ticket) . I am not sure if your system is corrupted for any reason ?

Allow Anonymous User is checked and I reboot the server. Didn't help.

Also I get this while the instance starts:

20.07.2018 10:44:38.150 *ERROR* [qtp431714949-100] com.day.cq.auth.impl.LoginSelectorHandler requestCredentials: Abort login due to apparent misconfiguration.

20.07.2018 10:44:38.150 *ERROR* [qtp431714949-100] com.day.cq.auth.impl.LoginSelectorHandler requestCredentials: Possible reasons: login page not existing or not accessible

20.07.2018 10:44:38.244 *INFO* [qtp431714949-101] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

20.07.2018 10:44:38.337 *INFO* [qtp431714949-102] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

20.07.2018 10:44:38.337 *ERROR* [qtp431714949-102] com.day.cq.auth.impl.LoginSelectorHandler requestCredentials: Abort login due to apparent misconfiguration.

20.07.2018 10:44:38.337 *ERROR* [qtp431714949-102] com.day.cq.auth.impl.LoginSelectorHandler requestCredentials: Possible reasons: login page not existing or not accessible

Click Allow Anonymous User and re-boot the server - see if that helps.

It was fine before. but under unknown modification this started to happen so I'm willing to find which may be the cause of this because I have no idea where should I be looking into.

Do you think it has something to do with the etc/maps ?

Has this been happening since the Server was installed or was fine then started happening.

No, I can't.  I get that 302 status code.

I'm only allowed to access it after i get login in into crx/de. when i'm logged as an administrator. And I don't understand which may be the cause.

Try hitting the instance with direct host port (http://HOST:PORT/<CONTENT_PATH>.html) and see if anonymous users can access the page or not

Hmm, I don't think I understand.

My experience is not so vast so I don't know what are you talking about by "bypass the webserver and directly try hitting the author/publish instance.

Can you please detail?
Thanks

302 status code would suggest an issue on the apache level or resource mapping configuration. Can you bypass the webserver and directly try hitting the author/publish instance