I suggest you ...

← Service Improvement

During the Let's Encrypt autorenewal process, add a htaccess file to work around protected roots

If you have a .htaccess in the root of your application, that adds a htpasswd based auth password for the entire site, the Let's Encrypt autorenewal process fails. The process create a subdirectory, .well-known/ and uses it for the renewal process, deleting it at the end of the process.

There are two easy ways to get around this that I can think of:

  1. do not delete the .well-known directory at the end of the process. so that us customers can add in the .htaccess file in there if we want to, to leave it readable

  2. as a part of the process of creating the short-lived .well-known directory, add a .htaccess file in that folder with the content:

    Satisfy Any
    Order Allow,Deny
    Allow from all

And delete it all at the end of the process, as it does now. This will unlock that directory during the process automatically

1 vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Scott Lawrence shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment

Service Improvement: Security

Categories

Feedback and Knowledge Base

(thinking…)