.well-known/acme-challenge/ should be removed?

holymoly · July 20, 2022, 9:00am

hi there ,

i just wanted to ask if the .well-known/acme-challenge/ should be removed as it containt two keys
key1.key2 .

However when i refresh the page it keep showing me the same keys even if i add content after acme-challenge/ it keep the same .

so my question is :

is there any security risk to keep the chalenge page on the website?

many thanks,

_az · July 20, 2022, 9:09am

It's not a security risk, no.

The information it reveals is:

The challenge tokens of your past certificate requests
The thumbprint of your ACME (Let's Encrypt) account

Both pieces of information are assumed to be public anyway, there's no threat posed to your certificates or account.

rg305 · July 20, 2022, 1:49pm

There is no actual risk 'per se'; But, if they are not being cleaned up after use, then they might start to pile up (over time).
I'd check on why those files are being left behind.

Rip · July 20, 2022, 3:39pm

Sounds like an ownership/permissions issue.

system · August 19, 2022, 3:40pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can I remove the folders .well-known/acme-challenge?	4	49715	December 5, 2015
Is .well-known/acme-challenge/ an XSS risk Server	9	5310	September 3, 2018
Generate _acme-challenge. in GoDaddy Help	3	1080	August 17, 2023
Can the _acme-challenge.domain.com record be deleted? Help	2	2074	May 1, 2022
Lost acme challange dns record Help	4	697	February 19, 2022

.well-known/acme-challenge/ should be removed?

Related topics