Commit | Line | Data |
---|---|---|
12c77ca5 LS |
1 | # WELLKNOWN |
2 | ||
3 | Let's Encrypt (or the ACME protocol in general) checks whether you control a domain by requesting a file at a path similar to `http://example.org/.well-known/acme-challenge/c3VjaC1jaGFsbGVuZ2UtbXVjaA-aW52YWxpZC13b3c`. | |
4 | ||
5 | This is `http-01`-type verification (the default in this script; there is also support for [DNS-based verification](dns-verification.md)), so you need to have that directory available over plain HTTP (a redirect to HTTPS is acceptable, but you definitely have to be able to access the HTTP URL!). | |
6 | ||
c9c430b8 | 7 | letsencrypt.sh has a config variable called `WELLKNOWN`, which corresponds to the directory that should be served under `/.well-known/acme-challenge` on your domain. To be clear, your `WELLKNOWN` variable **must** include the "acme-challenge" subdirectory, and should not have a trailing slash (e.g., `WELLKNOWN="/etc/wellknown/acme-challenge"`, **not** `WELLKNOWN="/etc/wellknown"`). |
12c77ca5 LS |
8 | |
9 | An example config would be to create a directory `/var/www/letsencrypt` and set `WELLKNOWN=/var/www/letsencrypt`. | |
10 | ||
11 | After configuring the `WELLKNOWN` directory, you'll need to add an alias to your web server configuration pointing to that path: | |
12 | ||
13 | ## Nginx example config | |
14 | ||
15 | ```nginx | |
16 | server { | |
17 | [...] | |
18 | location /.well-known/acme-challenge { | |
dca25e8e | 19 | alias /var/www/letsencrypt; |
12c77ca5 LS |
20 | } |
21 | [...] | |
22 | } | |
23 | ``` | |
24 | ||
25 | ## Apache example config | |
26 | ||
27 | ```apache | |
28 | Alias /.well-known/acme-challenge /var/www/letsencrypt | |
29 | ||
30 | <Directory /var/www/letsencrypt> | |
31 | Options None | |
32 | AllowOverride None | |
33 | Order allow,deny | |
34 | Allow from all | |
35 | </Directory> | |
36 | ``` |
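
A self-test for the setup described above, as an added example that is not part of letsencrypt.sh: it publishes a probe file in `WELLKNOWN` and fetches it back over plain HTTP, the way a validation request would. The function names and the probe file name are assumptions of this example, and it requires `curl`.

```shell
#!/bin/sh
# Added example: self-test for an http-01 WELLKNOWN setup (not letsencrypt.sh code).

# Reject WELLKNOWN values that cannot be used as the challenge directory.
check_wellknown() {
    dir=$1
    case "$dir" in
        "") echo "WELLKNOWN is empty" >&2; return 1 ;;
        */) echo "WELLKNOWN must not end with a slash: $dir" >&2; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    [ -w "$dir" ] || { echo "not writable: $dir" >&2; return 1; }
}

# Build the plain-HTTP URL that a validation request would use.
challenge_url() {
    printf 'http://%s/.well-known/acme-challenge/%s\n' "$1" "$2"
}

# Publish a probe file the way a challenge token is published; print its name.
# umask 022 keeps the file readable by the web server's user.
write_probe() {
    dir=$1
    name="selftest-$$"
    ( umask 022; printf '%s\n' "probe-$name" > "$dir/$name" ) || return 1
    printf '%s\n' "$name"
}

# Round trip: publish a probe, fetch it over HTTP, compare, clean up.
# -L follows a redirect to HTTPS, which the text above says is acceptable.
verify_wellknown() {
    domain=$1
    dir=$2
    check_wellknown "$dir" || return 1
    name=$(write_probe "$dir") || return 1
    body=$(curl -fsSL --max-time 10 "$(challenge_url "$domain" "$name")")
    rc=$?
    rm -f "$dir/$name"
    [ "$rc" -eq 0 ] && [ "$body" = "probe-$name" ]
}

# Usage: sh wellknown-selftest.sh example.org /var/www/letsencrypt
if [ "$#" -eq 2 ]; then
    verify_wellknown "$1" "$2" && echo "OK: $1 serves $2" || { echo "FAIL: $1" >&2; exit 1; }
fi
```

Run it on the web server host for every domain you intend to request a certificate for; a failure here means the alias or the directory permissions need fixing before the script can pass `http-01` verification.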