Web Hosting service will not serve authorization file - dot directories forbidden


#1

Manual authorization requires me to install a file on my server in the form of:

http://mydomain.info/.well-known/acme-challenge/Ed4YM1kXXXXXX

However, my hosting service will not serve “hidden” files starting with a dot. You can test this at
http://chenopod.net/igkingtest/

I have tried to get around this using .htaccess rewrite rules, but this does not get around the blocking.

Is it really necessary to make this more difficult by using .well-known instead of just well-known, which would not cause a problem?

Can anyone suggest a solution?


#2

Did you try a .htaccess inside the .well-known folder with allow from all/require all granted (I dunno about the difference between the 2 but both say that everything is allowed)?


#3

The difference is that require all granted works with Apache 2.4 and allow from all works with earlier versions.

@dnwilson are you sure it’s the dot that’s causing the problem? The server seems to serve up the content of your .htaccess file just fine… maybe the permissions are set incorrectly on the .well-known directory or something?

btw, you probably know this, but the .well-known directory needs to be at the root of the domain, not in a subdirectory itself.
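
The two directives discussed in the posts above can be combined in one .htaccess so the same file works on either Apache version. This is an added example, not part of the original posts; placing it in .well-known/acme-challenge/ is an assumption, and it only takes effect if the host's AllowOverride setting permits these directives.

```apache
# Assumed location: <docroot>/.well-known/acme-challenge/.htaccess
# Scoped to the challenge directory only, so no other dot directory is opened up.

# Apache 2.4: mod_authz_core provides "Require".
# Needs AllowOverride AuthConfig (or All) for this directory.
<IfModule mod_authz_core.c>
    Require all granted
</IfModule>

# Apache 2.2 and earlier: host-based access control via Order/Allow.
# Needs AllowOverride Limit (or All) for this directory.
<IfModule !mod_authz_core.c>
    Order allow,deny
    Allow from all
</IfModule>
```

If the host sets AllowOverride None, this file is ignored entirely; if it allows some overrides but not these, requests to the directory return a 500 error. In both cases only a change to the server configuration by the provider will help.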


#4

Since he hid the URL of his challenge, including the domain, I think that is just a test environment or similar, which is on the same server.


#5

I’d assume you’d need a <DirectoryMatch> for dot folders to overwrite the hoster’s setting or a .htaccess inside the directory.


#6

I am trying to work out how to use <DirectoryMatch>. I will give it a go.


#7

Thanks for the suggestion. The permissions for the .well-known directory are the same as the test1 directory (which is readable), which has no .htaccess inside it, but can be viewed.

The domain I want the certificate for is igking.info, which points to a WordPress application. To attempt to get the manual verification, I rename the WordPress folder and replace it with an empty one to install the test directories and verification file.


#8

<DirectoryMatch> is a config element for httpd.conf. If I had access to this file then

    <DirectoryMatch "^\.|\/\.">
        Order allow,deny
        Allow from all
    </DirectoryMatch>

would probably do the trick. But as it is a limited-access hosted service, I do not have access to this file. My only access is via cPanel. I have tried setting a .htaccess file inside the directory but this does not work.

If an FTP authorisation option was available I could get this to work for my site.

Surely this authorisation test should be that I can place files on the server, rather than I can edit the httpd.conf file.


#9

Sorry to hear you’re having trouble with the .well-known requirement. The choice of .well-known was not arbitrary: it’s a standard directory to put “special” files like this. ACME uses it because it helps reduce the risk that an application may allow upload and serving of arbitrary files without realizing that this could enable third parties to issue certificates.

I’m afraid the best suggestion I can make at the moment is to request that your hosting provider allow customers to create files under .well-known, or directly automate certificate issuance themselves.


#10

Thank you for your response. I have put in a service request to my hosting provider quoting your reply.


#11

You will be pleased to hear that my hosting service Ifastnet have modified my access permissions to allow me to read files created under .well-known. So I now have my certificate installed.

Thank you for the advice and service.