18

This is my current .htaccess configuration of /frontend/web:

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME} [R,L]
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# otherwise forward it to index.php
RewriteRule . index.php

I am trying to insert this:

RewriteCond %{REQUEST_URI} !^.well-known/acme-challenge/$

or

RewriteCond %{REQUEST_URI} ! /\.well-known|^\.well-known

above

RewriteRule ^.*$ https://%{SERVER_NAME} [R,L]

to create a Let's Encrypt certificate, but neither of them works.

Let's Encrypt command to create the certificate (--debug because of CentOS 6):

./letsencrypt-auto --debug certonly --webroot -w /var/www/html/example.com/frontend/web/ --email example@gmail.com --domains example.com

Let's Encrypt error:

The following errors were reported by the server:

Domain: example.com
Type:   unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/%acme%

The link above leads me to the HTTPS version of the site. If I remove the redirect to HTTPS, I get a message about the successful receipt of the certificate. Conclusion: .well-known continues to be sent to HTTPS, so my settings did not work. What am I doing wrong?

revengezp
  • Just make this condition: `RewriteCond %{HTTP_HOST} !^\.well-known/.+` be the first after `RewriteEngine On` in `.htaccess` file – ETech Mar 23 '21 at 22:48
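Putting the pieces together, here is a complete .htaccess for the question's /frontend/web directory. It is an example added here, not taken from the question or from any of the answers. It assumes Apache 2.4 with mod_rewrite enabled and .htaccess overrides allowed, and that the certbot/letsencrypt webroot plugin writes its token files under /frontend/web/.well-known/acme-challenge/ (the path Let's Encrypt requests over plain HTTP). Unlike the original redirect rule, whose substitution is just https://%{SERVER_NAME} and therefore sends every HTTP request to the site root, it also preserves the requested host, path and query string:

```apache
# Added example, not from the original question or any answer.
# Assumes: Apache 2.4, mod_rewrite, this file at /frontend/web/.htaccess
# (the document root), and the ACME webroot plugin writing tokens to
# /frontend/web/.well-known/acme-challenge/.

RewriteEngine On

# 1. Let ACME HTTP-01 challenge requests through untouched, before any
#    redirect. "-" means "no substitution"; [L] ends this pass so the
#    redirect below never sees the request. Patterns in a per-directory
#    .htaccess are matched without the leading slash, and the dot is
#    escaped because an unescaped "." matches any character.
#    On Apache 2.4 you may use [END] instead of [L] to also stop any
#    later rewrite rounds.
RewriteRule ^\.well-known/acme-challenge/ - [L]

# 2. Force HTTPS for everything else, keeping host, path and query string.
#    The query string is appended automatically because the substitution
#    contains no "?".
#    Weak form from the question (drops the path, sends everything to "/"):
#      RewriteRule ^.*$ https://%{SERVER_NAME} [R,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# 3. Front controller: serve real files and directories directly,
#    route everything else to index.php (as in the question).
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
```

Before running the certificate command, request any name under the excluded path over plain HTTP, for example `curl -I http://example.com/.well-known/acme-challenge/test`: the answer should be a 404 served directly by the HTTP virtual host, not a 301 or 302 to https. While testing, use R=302 rather than R=301, because browsers cache a 301 and will keep redirecting even after the rules are fixed.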

6 Answers

25

The cleanest way to do this without having to change any rules is to add a separate rule, before all others, that effectively disables rewriting for files in the directory, like this:

RewriteRule ^\.well-known/.+ - [END]

You may wish to add a file existence check immediately before the rule so your custom error response page is shown rather than the server's default:

RewriteCond %{REQUEST_FILENAME} -f
Walf
  • The RewriteRule ^\.well-known/.+ - [END] is the only thing that worked for me and I've tried many options! – Aleksandar Pavić May 14 '19 at 10:36
  • On an Apache 2.4 vhost without a document root, I had to add a slash after the `^`: `RewriteRule ^/\.well-known/.+ - [END]` – cweiske Mar 23 '20 at 20:15
8

I eventually ended up with this configuration, working like a charm for CakePHP 2:

Place this in the .htaccess file located above your webroot and app folder, in the same folder as your app.

<IfModule mod_rewrite.c>
  RewriteEngine on

  # pass .well-known (ACME challenge) requests through untouched, before any redirect
  RewriteRule ^\.well-known/ - [L,NC]

  RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
  RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

  RewriteCond %{HTTPS} !=on
  RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

  RewriteRule    ^$ app/webroot/    [L]
  RewriteRule    (.*) app/webroot/$1 [L]
</IfModule>

Just replace the bottom two lines to fit your system.

Aleksandar Pavić
3

This worked for me:

RewriteCond %{REQUEST_URI} !^/\.well-known/
baikho
  • This was just what I needed for a framework that blocks access to folders apart from a public folder. – MasterT Feb 26 '21 at 17:23
  • This was the solution that worked for me. It's a simple rule to exclude `.well-known` requests no matter what your existing configuration is. Thanks! – gillytech Dec 27 '21 at 01:07
1

I commonly add an alias to my vhost config which points to an unsecured environment. Often my development or staging servers are .htaccess-protected while the live system (obviously) isn't.

Apache virtual host config:

protected.example.com.conf

<VirtualHost *:80>
    Alias /.well-known /var/www/example.com/.well-known
    <Directory /var/www/example.com/.well-known>
        Require all granted
    </Directory>
</VirtualHost>

Of course, you then need to adjust your letsencrypt command too. It should point to the alias target.

./letsencrypt-auto --debug certonly --webroot -w /var/www/example.com/.well-known --email example@gmail.com --domains example.com
simne7
1

Put it like this in .htaccess:

RewriteRule "^.well-known/acme-challenge" - [L]
  • First of all, you're missing an escape character before the dot. Dot matches ANY character if not escaped. Also you should check for mod_rewrite.c, plus you didn't mention that your code needs to be put at the top before any other rewrite rules. – Emanuel S. May 09 '20 at 05:54
0
RewriteEngine On

# redirect to HTTPS, except for ACME challenge files under /.well-known/
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/\.well-known/
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

# front controller: real files and directories are served directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Arvy