What if .well-known is not behind HTTPS already (or behind HTTPS with expired certificate)?

Let’s say I’m creating a Letsencrypt certificate for the first time, so that my .well-known path will not yet be behind HTTPS.

Or worse, let’s say I was a bit too late renewing an existing Letsencrypt certificate, so that my .well-known path will be behind HTTPS with an expired Letsencrypt certificate.

Will this pose any problems when running certbot to create a new certificate? If so, how to get around these problems?

While you can redirect the request to HTTPS, I think the first request always comes as HTTP only.


To add to what @TCM said, the HTTP-01 challenge will accept pretty much any certificate - expired, self-signed, etc. is all fine, so if you’re redirecting to a https:// URL with a certificate like that, that’s fine.


Thanks fellas, this is awesome news!
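
Added example (not part of the original thread, and not Let's Encrypt's or certbot's code): a pre-flight check that walks the path the replies above describe, starting on plain HTTP and following any redirect to HTTPS without validating the certificate. The 10-redirect limit and the restriction of redirect targets to ports 80/443 come from Let's Encrypt's published HTTP-01 documentation rather than from this thread; `preflight`, `_fetch` and the injectable `fetch` parameter are names chosen here.

```python
import ssl
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 10  # limit taken from Let's Encrypt's HTTP-01 documentation
REDIRECT_CODES = (301, 302, 303, 307, 308)

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface each 3xx as HTTPError so every hop can be recorded

def _fetch(url):
    """Return (status, Location header, body) for one request, no auto-redirect."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # diagnostic only: mirror the validator,
    ctx.verify_mode = ssl.CERT_NONE  # which accepts expired/self-signed certs
    opener = urllib.request.build_opener(
        _NoRedirect, urllib.request.HTTPSHandler(context=ctx))
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, None, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), ""
    except urllib.error.URLError as err:  # e.g. port 80 closed or DNS failure
        return 0, None, f"connection failed: {err.reason}"

def preflight(domain, token, fetch=_fetch):
    """Walk the challenge URL starting on port 80; return (ok, hops, detail)."""
    url = f"http://{domain}/.well-known/acme-challenge/{token}"
    hops = []
    for _ in range(MAX_REDIRECTS + 1):
        hops.append(url)
        status, location, body = fetch(url)
        if status in REDIRECT_CODES and location:
            url = urljoin(url, location)
            target = urlsplit(url)
            if target.scheme not in ("http", "https") or target.port not in (None, 80, 443):
                return False, hops, f"redirect target not allowed: {url}"
            continue
        return status == 200, hops, body or f"HTTP {status}"
    return False, hops, "too many redirects"
```

Place a test file under `.well-known/acme-challenge/` and call `preflight("your.domain", "test-file")` before running certbot; the returned hop list shows whether the first request on port 80 is answered and where it is redirected.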
