What is special about the .well-known/acme-challenge directory?

I am investigating why one attempt at sudo /usr/local/bin/certbot-auto --apache resulted in an acme-challenge failure, while a subsequent attempt was successful.

In my VPS, /var/www is a symlink to /data/www
In the main httpd.conf file, the document root remains as "/var/www/html"
In my own mydomain.com.conf file, the VirtualHost section looks like this:
<VirtualHost *:80>
ServerName mydomain.com
DocumentRoot "/var/www/html"

  <Directory "/var/www/html">
      Options -Indexes +FollowSymLinks
      AllowOverride All
  </Directory>
</VirtualHost>

I created a simple test1.html file, which was copied to all these locations:

And I visit all the above via web browser, and the only one that fails (WordPress's 404) is:

I cannot figure out why.

I would rename those as:
[or modify their contents so that you can know exactly which one was reached]

I don’t see why/how the root file was not reachable:
should serve:

If that fails, then you have some overlapping domain name issues.
What does this say?:
apachectl -S

Thank you.
Not sure if you misread or I had a typo, but the file at the doc root was reachable.
Three cases were reachable.
The only case that was not reachable was the one in the full path.

Then there may be some special handling for that full path.
If this is a shared server, then you may need to speak with the admin about that.
If this is a dedicated server (and you are the admin), then you need to review the entire config for such a condition.

It is a VPS that I subscribed for just my own website, and I am the admin.
The .well-known directory and acme-challenge directory were both created by Certbot, or possibly by the LE WordPress plugin by "Go Web Smarty".
What might be special about these directories? Where should I check? Because there’s nothing special about the dir permissions.

BTW, this is the WP plugin by “Go Web Smarty”: https://wordpress.org/plugins/wp-letsencrypt-ssl/

There is nothing “special” about those directories (usually - by default).
If any were created by anything other than certbot, then we need to review that.

I would search through the config folders (or entire disk) for anything related to acme-challenge
[something (my guess is WordPress) has to be handling those requests “differently”]

$ pwd

$ sudo grep -nr "acme-challenge" .
./wp-content/uploads/wp_letsencrypt/debug.log:14:Creating HTTP challenge file http://sc.og.com.sg/.well-known/acme-challenge/6ebRtc9uWuKaqS_qjVzyNg89MvhOcsaAGEecoMvtT0o
./wp-content/plugins/wp-letsencrypt-ssl/admin/le_admin.php:763:      add_rewrite_rule('.well-known/acme-challenge/(.*)$', '$1', 'top');
./wp-content/plugins/wp-letsencrypt-ssl/lib/LEFunctions.php:211:    $requestURL = $domain . '/.well-known/acme-challenge/' . $token;
./wp-content/plugins/wp-letsencrypt-ssl/lib/LEFunctions.php:244:    $requestURL = 'https://dns.google.com/resolve?name=_acme-challenge.' . $domain . '&type=TXT';
./wp-content/plugins/wp-letsencrypt-ssl/classes/le-core.php:228:                                $acmefile = site_url( '/.well-known/acme-challenge/' . $challenge['filename'], 'http' );
./wp-content/plugins/wp-letsencrypt-ssl/classes/le-core.php:238:                                        'RewriteRule ^.well-known/acme-challenge/(.*)$ $1 [L,R=301]',
./wp-content/plugins/wp-letsencrypt-ssl/classes/le-core.php:264:                                    //add_rewrite_rule('.well-known/acme-challenge/(.*)$', '$1', 'top');
./wp-content/plugins/wp-letsencrypt-ssl/classes/le-core.php:436:            'challenge_folder_exists' => file_exists( ABSPATH . '.well-known/acme-challenge' ),
./wp-content/plugins/wp-letsencrypt-ssl/classes/le-core.php:472:                $vrfy .= 'Name: <b>_acme-challenge.' . $site . '</b>
./wp-content/plugins/wp-letsencrypt-ssl/classes/le-core.php:658:        $fpath = ABSPATH . '.well-known/acme-challenge/';
./wp-content/plugins/wp-letsencrypt-ssl/classes/le-core.php:727:        $acmefilepath = ABSPATH . '.well-known/acme-challenge/' . $challenge['filename'];
./wp-content/plugins/wp-letsencrypt-ssl/classes/le-core.php:737:            $fpath = ABSPATH . '.well-known/acme-challenge/';
./.htaccess:10:RewriteRule ^.well-known/acme-challenge/(.*)$ /$1 [QSA,L]
I would try:

Thanks. I had to look up a rewrite rule tester to find out what it does…
It rewrites http://example.com/.well-known/acme-challenge/foo to http://example.com/foo
Very curious why the WordPress LE plugin would create this rule.
And very curious how certbot eventually passed the challenge.
I am going to remove the WP plugin (I had used it part way through and encountered some problems, I don't really remember what, before coming back to fix up my virtualhost so that I could use certbot-auto). Sorry it is so convoluted, but I believe certbot-auto is working now, so I will remove the WP plugin.
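As an added example (not code from this thread, from certbot, or from the plugin), the script below emulates just enough of Apache mod_rewrite's per-directory (.htaccess) matching to show why the plugin's rule broke HTTP-01 validation: the path `.well-known/acme-challenge/TOKEN` matches `^.well-known/acme-challenge/(.*)$` and is rewritten to `/TOKEN`, which WordPress's front controller then answers with a 404. The "fixed" rule set is my assumption of what a corrected .htaccess would contain (a `-` pass-through with `[L]` placed first); RewriteCond lines and the QSA flag are deliberately not modelled, and the token values are constructed.

```python
"""Emulate the part of Apache mod_rewrite relevant to the .htaccess rule in
the thread. Added example, not the plugin's or certbot's code. Simplified:
only the pattern, the substitution and the L flag are modelled, in
per-directory (.htaccess) context; RewriteCond and QSA are ignored."""
import re

# The rule found at line 10 of the site's .htaccess in the grep output.
BROKEN_RULES = [
    (r"^.well-known/acme-challenge/(.*)$", "/$1", {"QSA", "L"}),
]

# Assumed corrected rule set: an explicit pass-through for the challenge
# directory first ("-" keeps the URL unchanged, L stops processing), then
# the usual WordPress index.php guard. Hypothetical, not from the page.
FIXED_RULES = [
    (r"^\.well-known/acme-challenge/", "-", {"L"}),
    (r"^index\.php$", "-", {"L"}),
]

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def _expand(subst, match):
    """Replace $1..$9 in a RewriteRule substitution with the captured groups."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))) or "", subst)


def rewrite(path, rules):
    """Return the path Apache would serve after applying the rules in order.

    In .htaccess context the per-directory prefix ("/") is stripped before
    the pattern is matched, and a relative result is re-rooted at the
    document root; a result that already starts with "/" is kept as-is.
    """
    current = path.lstrip("/")
    for pattern, subst, flags in rules:
        m = re.search(pattern, current)
        if not m:
            continue
        if subst != "-":  # "-" means: matched, but leave the URL unchanged
            current = _expand(subst, m)
        if "L" in flags:  # L: stop processing further rules
            break
    return current if current.startswith("/") else "/" + current


def challenge_reachable(path, rules):
    """True if a challenge request still ends up under the challenge dir."""
    return rewrite(path, rules).startswith(CHALLENGE_PREFIX)


if __name__ == "__main__":
    token = CHALLENGE_PREFIX + "abc123"  # constructed token, not a real one
    for name, rules in (("broken", BROKEN_RULES), ("fixed", FIXED_RULES)):
        print(f"{name:6} {token} -> {rewrite(token, rules)}")
    # The unescaped "." in the broken pattern also matches any character,
    # so even an unrelated first path segment is rewritten.
    print("broken /xwell-known/... ->", rewrite("/xwell-known/acme-challenge/abc123", BROKEN_RULES))
```

With the broken rule, the challenge URL is rewritten to `/abc123`, which no longer exists as a file, so WordPress serves its 404 and the ACME validator never sees the token file on disk. With the pass-through rule the path is left alone and the static file under `.well-known/acme-challenge/` is served directly; `apachectl -S` and a direct `curl -i` of a test file in that directory are the two quick checks to confirm this on a live host.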


As you expected, it works after commenting out that rewrite line. Thank you.
