Webroot option not working: directory hidden

I am using a server, let's call it XYZ, and I cannot stop the server, so the only option is to use the webroot option, since standalone requires the default ports, which are already in use.

The problem I have is that the webroot option creates a hidden directory and expects that the directory is visible via HTTP. The XYZ server I am using, for security reasons, blocks access to hidden directories via HTTP – that is, directories starting with a dot.

You might be interested in DNS verification with the dns-01 challenge.

Hi @SoCalDude,

Are you able to disable this security feature for specific paths? If so you should make an exception for /.well-known/. This path is used for more than just ACME HTTP-01 (in /.well-known/acme-challenges) and is actually inherited from a broader web standard, RFC 5785. It's likely as more technologies build on top of RFC 5785 you're going to have more and more trouble caused by this security feature.

In addition to @osiris' suggestion (thanks!) to switch to DNS-based verification with the ACME DNS-01 challenge type, you could also switch to TLS-based verification with the ACME TLS-SNI-01 challenge type. That won't require accessing a file in a /.well-known directory.

If you share which ACME client (Certbot?) you're using, and more information about the current way you use it, someone can likely suggest steps to switch to DNS-01 or TLS-SNI-01.

Hope that helps!

There is a difference between a URL containing a file (or directory) that starts with a dot and a disk file (or directory) that starts with a dot.
With "URL redirection" you can accept a URL with a dot and send that request to a place without any actual dot.
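
The mapping described in the post above, as an added example that is not part of the original thread: a small Python handler that answers only the RFC 8555 challenge URL and reads from a dot-free directory, so every other dot-path stays blocked. The directory `/var/lib/acme/challenges`, port 8080, and the idea that the front-end server forwards just this prefix and that the challenge files are placed in that directory are assumptions.

```python
import re
from http.server import BaseHTTPRequestHandler, HTTPServer
from pathlib import Path

# URL prefix that ACME HTTP-01 validation requests (RFC 8555).
URL_PREFIX = "/.well-known/acme-challenge/"
# Assumed dot-free directory on disk that holds the challenge files.
CHALLENGE_DIR = Path("/var/lib/acme/challenges")
# RFC 8555 tokens use only the base64url alphabet, so no dots or slashes.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def resolve_challenge(url_path, challenge_dir=CHALLENGE_DIR):
    """Map a dotted URL path to a file in a dot-free directory, or None."""
    path = url_path.split("?", 1)[0]
    if not path.startswith(URL_PREFIX):
        return None  # any other hidden path stays blocked
    token = path[len(URL_PREFIX):]
    if not TOKEN_RE.fullmatch(token):
        return None  # rejects "", "../x", "a/b", ".htaccess", "%2e%2e"
    candidate = Path(challenge_dir) / token
    return candidate if candidate.is_file() else None


class ChallengeHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        target = resolve_challenge(self.path)
        if target is None:
            self.send_error(404)
            return
        body = target.read_bytes()
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Assumed local port; the front-end server forwards only URL_PREFIX here.
    HTTPServer(("127.0.0.1", 8080), ChallengeHandler).serve_forever()
```
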

Well, everything changes if there is an RFC in control. I’ll see what I can do about it and refer to the RFC.

You are making an incorrect assumption on the underlying server/technology.
