Alias for /.well-known/acme-challenge

raceface2nd · October 23, 2017, 4:24pm

Hi,

I know there have been several threads regarding the following question, but I didn’t find an answer that was working for me.

With letsencrypt I have an https rewrite in my apache config followed by a proxy to a container and I don’t get it working to except the /.well-known/acme-challenge directory to get the renew not to be rewritten to https. This is my actual config:

<VirtualHost *:80>
        ServerName subdomain.domain.com

        Alias /.well-known/acme-challenge/ /var/www/demo/.well-known/acme-challenge/
        <Directory "/var/www/demo/.well-known/acme-challenge/">
            Options None
            AllowOverride None
            ForceType text/plain
            RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
        </Directory>
        SSLProxyEngine On
        RewriteEngine On
        RewriteCond %{REQUEST_URI} !^.well-known/acme-challenge [NC]
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

</VirtualHost>

With this config all requests to subdomain.domain.com are rewritten to https. How can I except /.well-known/acme-challenge from being rewritten to https?

Any help appreciated!

Thx!

Andy

jared.m · October 23, 2017, 6:12pm

Why are you needing to prevent this redirect? Let’s Encrypt will follow https redirects when retrieving the challenge file, even if it’s to an untrusted certificate.

sahsanu · October 23, 2017, 6:53pm

Hi @raceface2nd,

Change this:

RewriteCond %{REQUEST_URI} !^.well-known/acme-challenge [NC]

to this:

RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]

Reload/restart apache and try again.

Cheers,
sahsanu

raceface2nd · October 25, 2017, 7:11pm

@jared.m: HTTPS requests are proxied to a container and the container does not has access to the .well-known-folder. The letsencrypt and the certs are stored on the host and the host does the renew. That is why I need to except the .well-known-folder from being redirected to https.

@sahsanu: It doesn’t work. Apache directly redirects to HTTPS.

sahsanu · October 25, 2017, 7:30pm

Before posting I tested it and it works pretty fine in my apache server, did you restart apache after the modification?

raceface2nd · October 25, 2017, 7:52pm

I did a reload but it didn’t work. With a restart it worked.

Thx!

Andy

system · November 24, 2017, 7:52pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Possible change alias? Help	6	917	January 29, 2021
Apache challenge file / redirection issue Help	28	4626	November 3, 2021
Could not connect to http://domain.name.org/.well-known/acme-challenge/xxxx Help	7	6692	June 13, 2016
Failed authorization procedure Help	13	2289	April 30, 2020
Issue with acme-challenge over Apache Help	3	2382	June 1, 2019

Alias for /.well-known/acme-challenge

Related topics