4

I want to create SSL certificate for my domain via the webroot directory ".well-known/acme-challenge" for verification. I'm using shared hosting and I don't have access to apache configuration files, so I can only use .htaccess file.

Problem is that I can't access files in this folder from browser using address "my.domain/.well-known/acme-challenge/filename". I'm just getting 404 error, even though I have these files in this directory.

So I want to know, if there's any rule, which I could use in .htaccess file to gain access to hidden directories from browser. If you need more informations let me know.

Jackenmen
  • 193
  • 1
  • 4
  • 11

1 Answers1

2

Assuming your host allows overrides, this may work:

    <IfModule mod_rewrite.c> 
        RewriteCond %{REQUEST_FILENAME} !.well-known/
        RewriteRule "(^|/)\.(?!well-known)" - [F]
    </IfModule>
danielh
  • 344
  • 3
  • 12
  • I tried this, but it doesn't work, so I assume my host doesn't allow overrides :/ Just to make sure, I should put it in .htaccess in root folder, right? – Jackenmen May 13 '18 at 18:54
  • Yes.Some providers also intentionally block .well-known because they want to see you a cert. I didn't think anyone did this anymore, but it's a possibility? – danielh May 13 '18 at 18:58
  • I doubt that they intentionally blocked .well-known, because they didn't block possibility to put your own cert in DirectAdmin and I can use DNS records for verification instead, but I have my own reasons, why I don't want to do it that way, at least for now :/ – Jackenmen May 13 '18 at 20:36
  • It turns out they block this folder in cheaper plans - in more expensive ones you can automatically generate the Let's Encrypt certificate and renew it automatically. In cheaper plans you can only verify your certificate with DNS records. Thanks for help though :) – Jackenmen May 14 '18 at 15:50