'Letsencrypt with htaccess
This is my current htaccess configuration of /frontend/web
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME} [R,L]
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# otherwise forward it to index.php
RewriteRule . index.php
I am trying to insert this:
RewriteCond %{REQUEST_URI} !^.well-known/acme-challenge/$
or
RewriteCond %{REQUEST_URI} ! /\.well-known|^\.well-known
above
RewriteRule ^.*$ https://%{SERVER_NAME} [R,L]
to create letsecnrypt certificate, but none of this is working.
Letsencrypt command to create certificate (debug coz Centos6):
./letsencrypt-auto --debug certonly --webroot -w /var/www/html/example.com/frontend/web/ --email [email protected] --domains example.com
letsencrypt error:
The following errors were reported by the server:
Domain: example.com
Type: unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/%acme%
Link above leads me to the HTTPS version of the site protocol. If I remove a redirect to https, I get a message on the successful receipt of the certificate . conclusion : .well-known continues to be sent to the https , my settings did not work , what am I doing wrong?
Solution 1:[1]
The cleanest way to do this without having to change any rules is to add a separate rule, before all others, that effectively disables rewriting for files in the directory, like this:
RewriteRule ^\.well-known/.+ - [END]
You may wish to add a file existence check immediately before the rule so your custom error response page is shown rather than the server's default:
RewriteCond %{REQUEST_FILENAME} -f
Solution 2:[2]
I eventually ended up with this configruation, working like a charm for cakephp 2:
Place this in .htaccess file located above your webroot and app folder, in a same folder as your app
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^.well-known/ - [L,NC]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteRule ^$ app/webroot/ [L]
RewriteRule (.*) app/webroot/$1 [L]
</IfModule>
Just replace bottom 2 lines to fit your system.
Solution 3:[3]
This worked for me:
RewriteCond %{REQUEST_URI} !^/.well-known/(.*)
Solution 4:[4]
I commonly add an alias to my vhost config which points to an unsecured environment. Often my development or staging servers are htaccess protected while the live system (obviously) isn't.
Apache virtual host config:
protected.example.com.conf
<VirtualHost *:80>
Alias /.well-known /var/www/example.com/.well-known
<Directory /var/www/example.com/.well-known>
Require all granted
</Directory>
</VirtualHost>
Of course you then need to adjust your letsencrypt cmd, too. It should point to the alias target.
./letsencrypt-auto --debug certonly --webroot -w /var/www/example.com/.well-known --email [email protected] --domains example.com
Solution 5:[5]
Put it like this in .htaccess:
RewriteRule "^.well-known/acme-challenge" - [L]
Solution 6:[6]
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/\.well-known/
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | |
| Solution 2 | Aleksandar Pavi? |
| Solution 3 | baikho |
| Solution 4 | simne7 |
| Solution 5 | David Petter |
| Solution 6 | Arvy |