Clash with Android Digital Asset Links validation


#1

Having just set up an SSL certificate with Let’s Encrypt on my server, I now want to validate an Android Digital Asset Link for my app. This works, but may well give problems in the future because of the use of the ‘.well-known’ folder.
Let’s Encrypt uses it for the ACME challenge and according to the instructions, I have set up an alias that now points to ‘/var/www/html/.well-known’. In other words, this is a shared location between multiple domains on my server.
Android demands that I place an assetlinks.json file also in the ‘.well-known’ folder. However, this should NOT be a shared file between different domains on my server.

Currently I have three domains on the server, but so far only one app for which I need the link validation. So currently I have no issue. However, in the future I will have to find a solution to use the link validation for multiple apps on multiple domains. How can this be done if I have Let’s Encrypt certificates for one or more domains?

Please note, I am not a server guru and my setup may well be suboptimal; I welcome advice on a different setup that may work better.


#2

The ACME protocol, used by Let’s Encrypt, uses the directory /.well-known/acme-challenge/. Not all of /.well-known/.

Can you adjust your setup to only point /.well-known/acme-challenge/ at your Let’s Encrypt stuff?
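
The narrowing suggested in the reply above, written out as an Apache configuration. This is an added example, not part of the original thread or of the DirectAdmin instructions. It assumes Apache 2.4. The host names, DocumentRoot paths and certificate paths are placeholders; only '/var/www/html/.well-known' comes from the thread.

```apache
# Added example. Host names, DocumentRoots and certificate paths are
# placeholders (assumptions), not values from the thread.

# Before: the whole /.well-known/ tree is aliased to one shared directory,
# so every domain on the server would answer with the same assetlinks.json.
# Alias /.well-known/ "/var/www/html/.well-known/"

# After (server-wide config): share only the ACME HTTP-01 challenge path.
Alias /.well-known/acme-challenge/ "/var/www/html/.well-known/acme-challenge/"
<Directory "/var/www/html/.well-known/acme-challenge/">
    Options None
    AllowOverride None
    Require all granted
</Directory>

# Each virtual host keeps its own DocumentRoot. Because the alias no longer
# covers /.well-known/ as a whole, /.well-known/assetlinks.json is resolved
# inside that host's own tree and is never shared between domains.
<VirtualHost *:443>
    ServerName app-one.example
    DocumentRoot "/home/user/domains/app-one.example/public_html"
    # Serves public_html/.well-known/assetlinks.json for app-one.example only.
    SSLEngine on
    SSLCertificateFile    "/path/to/app-one.example/fullchain.pem"
    SSLCertificateKeyFile "/path/to/app-one.example/privkey.pem"
</VirtualHost>

<VirtualHost *:443>
    ServerName app-two.example
    DocumentRoot "/home/user/domains/app-two.example/public_html"
    # Serves public_html/.well-known/assetlinks.json for app-two.example only.
    SSLEngine on
    SSLCertificateFile    "/path/to/app-two.example/fullchain.pem"
    SSLCertificateKeyFile "/path/to/app-two.example/privkey.pem"
</VirtualHost>
```

Run `apachectl configtest` before reloading, then request /.well-known/assetlinks.json on each domain to confirm that every host returns its own file.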


#3

Hi @iksmode

Which instruction? You don’t need an alias.

If you have one server with three domains and three different DocumentRoots, you have three different

DocumentRoot1\.well-known\acme-challenge
DocumentRoot2\.well-known\acme-challenge
DocumentRoot3\.well-known\acme-challenge

directories. Without any sharing between these three domains.


#4

It’s based on the DirectAdmin installation instructions:
https://help.directadmin.com/item.php?id=648
Step 4 creates the alias.
In fact, at first I did not have that and Let’s Encrypt could not validate the ACME challenge. Only after correctly setting up the alias did it work. It probably has to do with my last comment (not being very fluent in Linux and server setup).


#5

That might be another option. It looks like the acme-challenge is actually a symbolic link, so that could work indeed.


#6

If you need to place multiple files with the same name in a common location, they must be placed into separate folders (which can be within that same common root location).
This can be accomplished by modifying your web server to differentiate the incoming challenge requests (via SNI) and map them respectively to their unique locations (common.location/subfolder).

