Letsencrypt with htaccess

Question

This is my current htaccess configuration of /frontend/web

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME} [R,L]
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# otherwise forward it to index.php
RewriteRule . index.php

I am trying to insert this:

RewriteCond %{REQUEST_URI} !^.well-known/acme-challenge/$

or

RewriteCond %{REQUEST_URI} ! /\.well-known|^\.well-known

above

RewriteRule ^.*$ https://%{SERVER_NAME} [R,L]

to create letsecnrypt certificate, but none of this is working.

Letsencrypt command to create certificate (debug coz Centos6):

./letsencrypt-auto --debug certonly --webroot -w /var/www/html/example.com/frontend/web/ --email example@gmail.com --domains example.com

letsencrypt error:

The following errors were reported by the server:

Domain: example.com
Type:   unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/%acme%

Link above leads me to the HTTPS version of the site protocol. If I remove a redirect to https, I get a message on the successful receipt of the certificate . conclusion : .well-known continues to be sent to the https , my settings did not work , what am I doing wrong?

Answer 1

RewriteEngine On

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/\.well-known/
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Answer 2

The cleanest way to do this without having to change any rules is to add a separate rule, before all others, that effectively disables rewriting for files in the directory, like this:

RewriteRule ^\.well-known/.+ - [END]

You may wish to add a file existence check immediately before the rule so your custom error response page is shown rather than the server's default:

RewriteCond %{REQUEST_FILENAME} -f

Answer 3

This worked for me:

RewriteCond %{REQUEST_URI} !^/.well-known/(.*)

Answer 4

Put it like this in .htaccess:

RewriteRule "^.well-known/acme-challenge" - [L]

Answer 5

I commonly add an alias to my vhost config which points to an unsecured environment. Often my development or staging servers are htaccess protected while the live system (obviously) isn't.

Apache virtual host config:

protected.example.com.conf

<VirtualHost *:80>
    Alias /.well-known /var/www/example.com/.well-known
    <Directory /var/www/example.com/.well-known>
        Require all granted
    </Directory>
</VirtualHost>

Of course you then need to adjust your letsencrypt cmd, too. It should point to the alias target.

./letsencrypt-auto --debug certonly --webroot -w /var/www/example.com/.well-known --email example@gmail.com --domains example.com

Answer 6

I eventually ended up with this configruation, working like a charm for cakephp 2:

Place this in .htaccess file located above your webroot and app folder, in a same folder as your app

<IfModule mod_rewrite.c>    
  RewriteEngine on

  RewriteRule ^.well-known/ - [L,NC]

  RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
  RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

  RewriteCond %{HTTPS} !=on
  RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

  RewriteRule    ^$ app/webroot/    [L]
  RewriteRule    (.*) app/webroot/$1 [L]
</IfModule>

Just replace bottom 2 lines to fit your system.