Alias for /.well-known/acme-challenge


I know there have been several threads regarding the following question, but I didn’t find an answer that was working for me.

With letsencrypt I have an https rewrite in my apache config followed by a proxy to a container and I don’t get it working to except the /.well-known/acme-challenge directory to get the renew not to be rewritten to https. This is my actual config:

<VirtualHost *:80>

        Alias /.well-known/acme-challenge/ /var/www/demo/.well-known/acme-challenge/
        <Directory "/var/www/demo/.well-known/acme-challenge/">
            Options None
            AllowOverride None
            ForceType text/plain
            RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
        SSLProxyEngine On
        RewriteEngine On
        RewriteCond %{REQUEST_URI} !^.well-known/acme-challenge [NC]
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


With this config all requests to are rewritten to https. How can I except /.well-known/acme-challenge from being rewritten to https?

Any help appreciated!



Why are you needing to prevent this redirect? Let’s Encrypt will follow https redirects when retrieving the challenge file, even if it’s to an untrusted certificate.

Hi @raceface2nd,

Change this:

RewriteCond %{REQUEST_URI} !^.well-known/acme-challenge [NC]

to this:

RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]

Reload/restart apache and try again.


@jared.m: HTTPS requests are proxied to a container and the container does not has access to the .well-known-folder. The letsencrypt and the certs are stored on the host and the host does the renew. That is why I need to except the .well-known-folder from being redirected to https.

@sahsanu: It doesn’t work. Apache directly redirects to HTTPS. :frowning:

Before posting I tested it and it works pretty fine in my apache server, did you restart apache after the modification?

I did a reload but it didn’t work. With a restart it worked.



1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.