HTTP Domain Verification with Redirect

Dear Let’s Encrypt Team,

We are highly focused on helping various WordPress clients and have a quick question regarding HTTP-based domain verification.

Can we have a 301 redirect from abc.com/.well-known/acme-challenge to a different domain, xyz.com/.well-known/acme-challenge, and complete the domain verification via the xyz domain? Does the verification bot follow redirects during the domain verification process? The issue is that .well-known folder access is restricted on my first domain, abc.com.

Regards,
~Shyam

2 Likes

Hi @Gowebsmarty

That’s possible - and that’s a good solution with centralized systems.

Read

Our implementation of the HTTP-01 challenge follows redirects, up to 10 redirects deep. It only accepts redirects to “http:” or “https:”, and only to ports 80 or 443. It does not accept redirects to IP addresses. When redirected to an HTTPS URL, it does not validate certificates (since this challenge is intended to bootstrap valid certificates, it may encounter self-signed or expired certificates along the way).

So you can use one domain of your own

https://yourdomain/yourfolder/filename-domain1
https://yourdomain/yourfolder/filename-domain2
https://yourdomain/yourfolder/filename-domain3

to validate different customer-domains.

But: Domain1 must have a correct redirect

http://domain1/.well-known/acme-challenge/random-filename
-> https://yourdomain/yourfolder/filename-domain1

So you don’t need folder access. But you must be able to create the correct redirect.

2 Likes
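The redirect rules quoted in the answer above, written as an offline pre-flight check for a planned redirect chain. This is an added example, not part of the original thread and not Let's Encrypt's code; the function names and the example.* hosts are assumptions, and the chain is expected to hold absolute URLs.

```python
import ipaddress
from urllib.parse import urlsplit

MAX_REDIRECTS = 10                          # "up to 10 redirects deep"
DEFAULT_PORT = {"http": 80, "https": 443}   # only these schemes are accepted


def target_problem(url):
    """Return why a redirect target breaks the quoted rules, or None if it is fine."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORT:
        return f"scheme {scheme!r} is not http or https"
    host = parts.hostname
    if not host:
        return "missing host"
    try:
        ipaddress.ip_address(host)          # parses both IPv4 and IPv6 literals
        return "redirect points at an IP address"
    except ValueError:
        pass                                # not an IP literal, so a host name
    try:
        port = parts.port if parts.port is not None else DEFAULT_PORT[scheme]
    except ValueError:
        return "port is not a valid number"
    if port not in (80, 443):
        return f"port {port} is not 80 or 443"
    return None


def check_chain(chain):
    """chain[0] is the challenge URL; chain[1:] are the Location targets in order."""
    problems = []
    if len(chain) - 1 > MAX_REDIRECTS:
        problems.append(f"{len(chain) - 1} redirects, limit is {MAX_REDIRECTS}")
    for hop, url in enumerate(chain[1:], start=1):
        reason = target_problem(url)
        if reason:
            problems.append(f"hop {hop}: {reason} ({url})")
    return problems


# Constructed sample chains (example.* names and TOKEN are placeholders).
START = "http://domain1.example/.well-known/acme-challenge/TOKEN"
GOOD = [START, "https://validation.example/yourfolder/TOKEN-domain1"]
BAD = [START, "https://validation.example:8443/yourfolder/TOKEN-domain1",
       "http://192.0.2.10/yourfolder/TOKEN-domain1"]

if __name__ == "__main__":
    for name, chain in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_chain(chain) or "ok")
```

An empty result means every hop stays within the quoted limits; it does not confirm that the final URL actually serves the expected challenge response.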

Hi @JuergenAuer

Thank you so much for the faster response! That definitely helped us a lot.

Thanks,
~Shyam

3 Likes
