Question
This is my current htaccess configuration of /frontend/web
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME} [R,L]
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# otherwise forward it to index.php
RewriteRule . index.php
I am trying to insert this:
RewriteCond %{REQUEST_URI} !^.well-known/acme-challenge/$
or
RewriteCond %{REQUEST_URI} ! /\.well-known|^\.well-known
above
RewriteRule ^.*$ https://%{SERVER_NAME} [R,L]
to create a letsencrypt certificate, but none of this is working.
Letsencrypt command to create certificate (debug coz Centos6):
./letsencrypt-auto --debug certonly --webroot -w /var/www/html/example.com/frontend/web/ --email example@gmail.com --domains example.com
letsencrypt error:
The following errors were reported by the server:
Domain: example.com
Type: unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/%acme%
The link above leads me to the HTTPS version of the site protocol. If I remove the redirect to https, I get a message on the successful receipt of the certificate. Conclusion: .well-known continues to be sent to https, so my settings did not work. What am I doing wrong?
Answer 1:
Just exclude .well-known from your HTTPS redirect, otherwise it should preserve location and be permanent:
RewriteRule ^(?!\.well-known(?:$|/)).* https://%{SERVER_NAME}/$0 [R=301,L]
Edit: The cleanest way to do this without having to change any rules is to add a separate rule, before all others, that effectively disables rewriting for the directory, like this:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^\.well-known/.+ - [END]
The file existence check is optional, and omitting it means your server's default error response will show rather than any custom error page.
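Added example, not part of the answer above or of the original thread: a small Python model of how the question's first RewriteCond and answer 1's RewriteRule pattern are matched, showing why the former never exempts the challenge path. It assumes .htaccess (per-directory) context, that `RewriteCond %{HTTPS} !=on` stays in front of the rule, and uses constructed sample paths; the function names are hypothetical.

```python
import re

HOST = "example.com"  # stands in for %{SERVER_NAME}

# Answer 1's RewriteRule pattern. In .htaccess context mod_rewrite matches it
# against the path relative to the directory, i.e. WITHOUT the leading slash.
RULE_PATTERN = re.compile(r"^(?!\.well-known(?:$|/)).*")

# The question's first RewriteCond pattern (used negated with "!"). It is
# tested against %{REQUEST_URI}, which DOES start with a slash.
QUESTION_COND = re.compile(r"^.well-known/acme-challenge/$")


def redirect_answer1(uri, https=False):
    """Redirect target produced by answer 1's rule, or None if not redirected."""
    if https:
        return None  # RewriteCond %{HTTPS} !=on is not satisfied
    rel = uri[1:] if uri.startswith("/") else uri  # per-directory prefix removed
    m = RULE_PATTERN.search(rel)
    if m is None:
        return None  # lookahead rejected the path: request is left alone
    return "https://" + HOST + "/" + m.group(0)  # $0 is the whole match


def redirect_question(uri, https=False):
    """Redirect target produced by the question's attempt, or None."""
    if https:
        return None
    if QUESTION_COND.search(uri):  # "!" negates: a match would skip the rule
        return None
    return "https://" + HOST  # the original substitution drops the path


if __name__ == "__main__":
    # Constructed request paths; TOKEN123 is a made-up challenge token.
    for path in ("/.well-known/acme-challenge/TOKEN123", "/.well-known",
                 "/.well-knownx/page", "/site/index", "/"):
        print(path, "| question:", redirect_question(path),
              "| answer 1:", redirect_answer1(path))
```

The question's condition fails for two reasons visible here: the pattern has no leading slash while `%{REQUEST_URI}` does, and the trailing `/$` can never match a URI that ends in a token.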
Answer 2:
I eventually ended up with this configuration, working like a charm for cakephp 2:
Place this in the .htaccess file located above your webroot and app folder, in the same folder as your app:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^.well-known/ - [L,NC]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteRule ^$ app/webroot/ [L]
RewriteRule (.*) app/webroot/$1 [L]
</IfModule>
Just replace bottom 2 lines to fit your system.
Answer 3:
I commonly add an alias to my vhost config which points to an unsecured environment. Often my development or staging servers are htaccess protected while the live system (obviously) isn't.
Apache virtual host config:
protected.example.com.conf
<VirtualHost *:80>
Alias /.well-known /var/www/example.com/.well-known
<Directory /var/www/example.com/.well-known>
Require all granted
</Directory>
</VirtualHost>
Of course you then need to adjust your letsencrypt cmd, too. It should point to the alias target.
./letsencrypt-auto --debug certonly --webroot -w /var/www/example.com/.well-known --email example@gmail.com --domains example.com
Answer 4:
Put it like this in .htaccess:
RewriteRule "^.well-known/acme-challenge" - [L]
Source: https://stackoverflow.com/questions/38790421/letsencrypt-with-htaccess