HTTP-01 challenge to a different folder than /.well-known/acme-challenge/

I am setting up a GeoDNS SSL validation system for my domain names. It turned out that some hosts have some limitations with the way they set up the HTTP-01 challenge within their Plesk setup. Allegedly it will not honor redirect rules for http://<YOUR_DOMAIN>/.well-known/acme-challenge/<TOKEN> to go back to the apex.

Is there an undocumented mechanism to have the challenge be made over a different folder than /.well-known/acme-challenge/?

If not, this should surely be a top feature request.


No, there is not, and there will not be. The /.well-known/acme-challenge path is required by the relevant RFCs.


Yes, it's called redirection.
But you must first listen to that path and then you can redirect it to whatever path you prefer.


I tried doing this in .htaccess

RewriteEngine   On
RewriteCond     %{REQUEST_URI}   ^/.well-known/           [NC]
RewriteCond     %{HTTP_HOST}     ^www.mydomain.([^.]+)?$   [NC]
RewriteRule     (.*)             http://mydomain.%1/$1     [R=301,L]

but my host stated:

This setup you are trying to implement is not possible on our server because there is a higher-ranking (serverwide) RewriteRule regarding the .well-known/ folder of any domain which is needed for the SSLit/Let's Encrypt plugin

They are using a Plesk UI setup on an nginx server proxied through Apache.

Now I am looking into maybe implementing a DNS-01 challenge instead. Or is there a better way for me to do this?

I am using to resolve DNS lookups, and will be using the GeoDNS plugin to query the calls to the proper server.

But try changing:

to the more specific:


That sounds like they support a Let's Encrypt integration themselves, in a manner that prohibits their clients from using ACME.

I would ask them if it is possible to leverage their Let's Encrypt plugin for your needs. If not, you will have to use the DNS-01 challenge, as their server rules will take priority over any redirect or location rules you try to implement.
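
An offline way to see why a server-wide rule defeats the .htaccess redirect, as an added example that is not part of the thread: it traces the redirect chain for a challenge URL under the limits Let's Encrypt documents for HTTP-01 (redirects only to http or https, only ports 80 or 443, no IP addresses, at most 10 deep). The mydomain.example hostnames, the token and both response tables are constructed, and the 404 returned by the server-wide rule is an assumption.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 10  # redirect depth Let's Encrypt documents for HTTP-01
PATH = "/.well-known/acme-challenge/example-token"  # constructed token
WWW, APEX = "http://www.mydomain.example", "http://mydomain.example"  # constructed

# Constructed responses: the www host redirects to the apex, which serves the file.
REDIRECTING = {WWW + PATH: (301, APEX + PATH), APEX + PATH: (200, None)}
# Assumed: the server-wide rule answers on the www host before .htaccess runs.
INTERCEPTED = {WWW + PATH: (404, None)}

def table_fetch(table):
    """Build a fetch(url) -> (status, location) function from a response table."""
    return lambda url: table.get(url, (404, None))

def hop_problem(url):
    """Return why a redirect target is unacceptable, or None if it is fine."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "scheme must be http or https"
    default = {"http": 80, "https": 443}[parts.scheme]
    if (parts.port if parts.port is not None else default) not in (80, 443):
        return "port must be 80 or 443"
    try:
        ipaddress.ip_address(parts.hostname or "")
    except ValueError:
        return None  # a DNS name, not an IP literal
    return "redirect to an IP address"

def trace_challenge(start_url, fetch):
    """Follow the redirect chain; return (ok, chain, reason)."""
    chain, url = [start_url], start_url
    for _ in range(MAX_REDIRECTS + 1):
        status, location = fetch(url)
        if status == 200:
            return True, chain, "challenge file served"
        if status not in (301, 302, 303, 307, 308) or not location:
            return False, chain, f"HTTP {status} at {url}"
        url = urljoin(url, location)
        chain.append(url)
        problem = hop_problem(url)
        if problem:
            return False, chain, problem
    return False, chain, "too many redirects"

if __name__ == "__main__":
    for name, table in (("redirecting", REDIRECTING), ("intercepted", INTERCEPTED)):
        print(name, trace_challenge(WWW + PATH, table_fetch(table)))
```

To check a live host, pass a `fetch` function that issues one request without following redirects and returns the status code and `Location` header.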

