What if .well-known is not behind HTTPS already (or behind HTTPS with expired certificate)?


#1

Let’s say I’m creating a Let’s Encrypt certificate for the first time, so that my .well-known path will not yet be behind HTTPS.

Or worse, let’s say I was a bit too late renewing an existing Let’s Encrypt certificate, so that my .well-known path will be behind HTTPS with an expired Let’s Encrypt certificate.

Will this pose any problems when running certbot to create a new certificate? If so, how to get around these problems?


#2

While you can redirect the request to HTTPS, I think the first request always comes as HTTP only.


#3

To add to what @TCM said, the HTTP-01 challenge will accept pretty much any certificate - expired, self-signed, etc. is all fine, so if you’re redirecting to a https:// URL with a certificate like that, that’s fine.
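
A pre-flight check for the behaviour described in #2 and #3, as an added example that is not part of the thread or of certbot: it requests the challenge path over plain HTTP first, follows redirects, and ignores certificate errors on any https:// hop. The names `preflight` and `HopRecorder`, the `port` parameter (for local testing only; the first request goes to plain HTTP as #2 says) and the host and token values are assumptions.

```python
import ssl
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


class HopRecorder(urllib.request.HTTPRedirectHandler):
    """Follow redirects as usual, but keep a list of every hop taken."""

    def __init__(self):
        self.hops = []

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        self.hops.append((code, newurl))
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def preflight(host, token, port=80, timeout=5):
    """Fetch the challenge URL the way the thread describes the validator doing it."""
    # Certificate checks are off on purpose: per #3, an expired or self-signed
    # certificate on a redirect target does not fail HTTP-01.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    recorder = HopRecorder()
    opener = urllib.request.build_opener(
        recorder,
        urllib.request.HTTPSHandler(context=ctx),
        urllib.request.ProxyHandler({}),  # connect directly, ignore proxy env vars
    )
    # Per #2, the first request is always plain HTTP.
    url = f"http://{host}:{port}{CHALLENGE_PREFIX}{token}"
    with opener.open(url, timeout=timeout) as resp:
        body = resp.read(4096).decode("ascii", "replace").strip()
        return {
            "status": resp.status,
            "final_url": resp.geturl(),
            "hops": recorder.hops,
            "body": body,
        }


if __name__ == "__main__":
    # Constructed values: use your own host and a test file you placed
    # under the challenge directory.
    print(preflight("example.com", "test-token"))
```

A 200 status with the expected file body, whatever the `hops` list shows, means the path is reachable in the way the replies describe; a connection error on the initial request means port 80 is not answering.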


#4

Thanks fellas, this is awesome news!

