.well-known/acme-challenge/ should be removed?

hi there ,

i just wanted to ask if the .well-known/acme-challenge/ should be removed as it containt two keys
key1.key2 .

However when i refresh the page it keep showing me the same keys even if i add content after acme-challenge/ it keep the same .

so my question is :

is there any security risk to keep the chalenge page on the website?

many thanks,

1 Like

It's not a security risk, no.

The information it reveals is:

  • The challenge tokens of your past certificate requests
  • The thumbprint of your ACME (Let's Encrypt) account

Both pieces of information are assumed to be public anyway, there's no threat posed to your certificates or account.


There is no actual risk 'per se'; But, if they are not being cleaned up after use, then they might start to pile up (over time).
I'd check on why those files are being left behind.


Sounds like an ownership/permissions issue. :face_with_monocle:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.