Adding .html to challenge


#1

Does the server at letsencrypt.org give the filename of the challenge, or does the client?

My webserver is challenged in the way it will not serve files without extensions.
I.e. it will serve xyzzy.html but not xyzzy

Instead of trying to modify the webserver, I tried to modify certbot to add .html to the challenge, and I could shortly see a file like .well-known/acme-challenge/sadkajshdkjashdkjadxka.html but it still got a request for the file without .html.

Did I miss something, or am I trying something impossible?

Perhaps I should go for dns-challenge instead, if I can’t persuade the server to serve a file without extension.

Or I could make a .well-known/acme-challenge/sadkajshdkjashdkjadxka/index.html ?


#2

Hi @leifnel, the challenge path is provided by the certificate authority and can’t be modified in any way by the client (the server will try to validate the challenge at the URL that the server proposed, and regard the challenge as failing if it doesn’t receive an appropriate answer).

If your server can’t serve files without .html as part of their names, you’ll need to use a different challenge type, perhaps the DNS challenge.


#3

That might work, yes. Give it a try. It would certainly work under some web servers with some configurations, but I don’t know about yours.

You might also be able to configure the web server to rewrite requests in some way to help.


#4

Actually modifying the webserver to serve the file wasn’t difficult.

I wanted to avoid installing certbot on Windows.
So I mounted the webroot of the Windows server on Linux with davfs.
But there seem to be some caching issues: when the Linux certbot writes the challenge to the davfs, the file appears on the Windows side, but it takes a long time, many seconds, before the contents appear.
So the “certbot challenger” gets an answer from the webserver, but the contents do not match.

So I’m back to square one.


#5

Hmm. I see that davfs2.conf has a setting named delay_upload which defaults to 10.

The purpose of this setting is to wait a few seconds after a file is closed before bothering to send it to the server, so that temporary files (e.g. from a compiler or similar tool) which will usually be destroyed shortly after they are created, need not be sent. For your application it would be appropriate to set this to zero. Can you try that?
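
A pre-flight check for the symptom described in posts #4 and #5, as an added example that is not part of the original thread: it writes an extensionless probe file under the webroot's .well-known/acme-challenge/ directory and polls the public URL until the body matches, separating "not served" from "served with wrong content". The function names, the 60-second budget and the probe format are assumptions of this example.

```python
import os
import secrets
import time
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"

def fetch_body(url, timeout=5.0):
    """GET url; return the stripped body, or None on any HTTP/network error."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read().decode("utf-8", "replace").strip()
    except OSError:  # URLError and HTTPError are both OSError subclasses
        return None

def poll(url, expected, fetch=fetch_body, max_wait=60.0, interval=2.0,
         clock=time.monotonic, sleep=time.sleep):
    """Poll url until it returns expected. Returns (status, seconds_waited).

    status is "ok", "not-served" (no usable response, e.g. the server refuses
    extensionless files) or "wrong-content" (the file is visible but its
    contents have not arrived yet, e.g. a delayed davfs upload).
    """
    start = clock()
    while True:
        body = fetch(url)
        if body == expected:
            return "ok", clock() - start
        status = "not-served" if body is None else "wrong-content"
        if clock() - start >= max_wait:
            return status, clock() - start
        sleep(interval)

def preflight(webroot, base_url, **poll_options):
    """Write an extensionless probe file into webroot and poll for it over HTTP."""
    name = secrets.token_urlsafe(32)        # constructed; URL-safe like an ACME token
    content = name + "." + secrets.token_urlsafe(32)
    directory = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as handle:
        handle.write(content)
    try:
        url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
        return poll(url, content, **poll_options)
    finally:
        os.remove(path)                     # never leave probe files in the webroot
```

Run `preflight("/mnt/webroot", "http://example.com")` with your own mount point and host name before requesting a certificate; the number of seconds it reports shows how long the mounted webroot takes to propagate file contents.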


#6

I could, but then I found http://certify.webprofusion.com/
Currently it doesn’t autoupdate certs, but I’ll make a note in my calendar to do it (or set a watchdog).


#7

Would an Apache RewriteRule directive be applicable here? In other words, take the challenge-URL that ACME demands, and rewrite it on-the-fly so that Apache sees – and serves – the .html file. (Equivalent mechanisms exist for nginx.) The ACME challenger would not see the rewrite taking place: it would only perceive that the file it wanted was served, fulfilling the challenge.

