Sysadmin: Letsencrypt renewal htaccess redirect bypass

Posted by admin on 05/27/2018 Leave a comment (0) Go to comments

With increasing role of HTTPS websites (Google pushing everybody to run only HTTPS websites considering regular HTTP as insecure) the service provided by Let’s encrypt becomes critically important. But there is a catch – once you get the certificate and redirect your site to HTTPS using .htaccess you will get a problem renewing certificate because 301 redirect breaks the challenge verification and the command

certbot-auto renew

1	certbot-auto renew

gives an error about authorization problem.

Here is the correction to the .htaccess file that allows to avoid this problem.

Here is HTTPS redirection part of your .htaccess file before modification

Apache

# Redirection vers HTTPS RewriteCond %{SERVER_PORT} ^80$ [OR] RewriteCond %{HTTPS} =off RewriteRule ^(.*)$ https://domain.com$1 [R=301,L]

1
2
3
4

# Redirection vers HTTPS
RewriteCond %{SERVER_PORT} ^80$ [OR]
RewriteCond %{HTTPS} =off
RewriteRule ^(.*)$ https://domain.com$1 [R=301,L]
This is the same part after adjustment

Apache

# Redirection vers HTTPS RewriteCond %{SERVER_PORT} ^80$ [OR] RewriteCond %{HTTPS} =off RewriteRule ^(?!/\.well-known(?:$|/)).* https://domain.com$0 [R=301,L]

1
2
3
4

# Redirection vers HTTPS
RewriteCond %{SERVER_PORT} ^80$ [OR]
RewriteCond %{HTTPS} =off
RewriteRule ^(?!/\.well-known(?:$|/)).* https://domain.com$0 [R=301,L]

network, Security, Sysadmin, webhostingapache, htaccess, letsencrypt, security, ssl, webhosting

← Sysadmin: Virtualmin and Letsencrypt integration

Windows: What do I want to see as default browser →

Server support blog

My life on call