diff options
author | Sean Whitton <spwhitton@spwhitton.name> | 2021-11-30 16:10:34 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2021-12-02 17:03:42 -0700 |
commit | c6313c2170f7149c47cfe64ff2e9ea2c655165e6 (patch) | |
tree | 65115b8c1f8d29c89721fa6dd6c857cb001295c1 | |
parent | f0af57280d9da49d5553d74cc97878e2b342163c (diff) | |
download | consfigurator-c6313c2170f7149c47cfe64ff2e9ea2c655165e6.tar.gz |
APACHE:HTTPS-VHOST: narrow the scope of .well-known rewrite rule
The new rule is sufficient for the Let's Encrypt challenge to succeed, and has
the advantage of avoiding interference with other subpaths of .well-known/.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
-rw-r--r-- | src/property/apache.lisp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/property/apache.lisp b/src/property/apache.lisp index 5cd2564..4b94107 100644 --- a/src/property/apache.lisp +++ b/src/property/apache.lisp @@ -133,7 +133,7 @@ Unapplying removes the Apache site config but leaves the certificate behind." ,(strcat "ServerName " name ":80") ,@initial "RewriteEngine On" - "RewriteRule ^/.well-known/(.*) - [L]" + "RewriteRule ^/.well-known/acme-challenge.* - [L]" ;; redirect everything else to https ,(strcat "RewriteRule ^/(.*) https://" name "/$1 [L,R,NE]") ,@additional-config |