From c6313c2170f7149c47cfe64ff2e9ea2c655165e6 Mon Sep 17 00:00:00 2001
From: Sean Whitton <spwhitton@spwhitton.name>
Date: Tue, 30 Nov 2021 16:10:34 -0700
Subject: APACHE:HTTPS-VHOST: narrow the scope of .well-known rewrite rule

The new rule is sufficient for the Let's Encrypt challenge to succeed, and has
the advantage of avoiding interference with other subpaths of .well-known/.

Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
---
 src/property/apache.lisp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/property')

diff --git a/src/property/apache.lisp b/src/property/apache.lisp
index 5cd2564..4b94107 100644
--- a/src/property/apache.lisp
+++ b/src/property/apache.lisp
@@ -133,7 +133,7 @@ Unapplying removes the Apache site config but leaves the certificate behind."
                      ,(strcat "ServerName " name ":80")
                      ,@initial
                      "RewriteEngine On"
-                     "RewriteRule ^/.well-known/(.*) - [L]"
+                     "RewriteRule ^/.well-known/acme-challenge.* - [L]"
                      ;; redirect everything else to https
                      ,(strcat "RewriteRule ^/(.*) https://" name "/$1 [L,R,NE]")
                      ,@additional-config
-- 
cgit v1.2.3