projects / andy / dehydrated.git / blame
| Commit | Line | Data |
|---|---|---|
| 12c77ca5 LS |
1 | # WELLKNOWN |
| 2 | ||
| 3 | Let's Encrypt (or the ACME-protocol in general) is checking if you are in control of a domain by accessing a file under a path similar to `http://example.org/.well-known/acme-challenge/c3VjaC1jaGFsbGVuZ2UtbXVjaA-aW52YWxpZC13b3c`. | |
| 4 | ||
| 5 | `http-01`-type verification (default in this script, there is also support for [dns based verification](dns-verification.md)) so you need to have that directory available over normal http (redirect to https will be acceptable, but you definitively have to be able to access the http url!). | |
| 6 | ||
| c9c430b8 | 7 | letsencrypt.sh has a config variable called `WELLKNOWN`, which corresponds to the directory which should be served under `/.well-known/acme-challenge` on your domain. To be clear, your `WELLKNOWN` variable **must** include the "acme-challenge" subdirectory, and should not have a trailing slash (eg, `WELLKNOWN="/etc/wellknown/acme-challenge"`, **not** `WELLKNOWN="/etc/wellknown"`). |
| 12c77ca5 LS |
8 | |
| 9 | An example config would be to create a directory `/var/www/letsencrypt`, set `WELLKNOWN=/var/www/letsencrypt`. | |
| 10 | ||
| 11 | After configuration the WELLKNOWN directory you'll need to add an alias to your webserver configuration pointing to that path: | |
| 12 | ||
| 13 | ## Nginx example config | |
| 14 | ||
| 15 | ```nginx | |
| 16 | server { | |
| 17 | [...] | |
| 18 | location /.well-known/acme-challenge { | |
| dca25e8e | 19 | alias /var/www/letsencrypt; |
| 12c77ca5 LS |
20 | } |
| 21 | [...] | |
| 22 | } | |
| 23 | ``` | |
| 24 | ||
| 25 | ## Apache example config | |
| 26 | ||
| 27 | ```apache | |
| 28 | Alias /.well-known/acme-challenge /var/www/letsencrypt | |
| 29 | ||
| 30 | <Directory /var/www/letsencrypt> | |
| 31 | Options None | |
| 32 | AllowOverride None | |
| 33 | Order allow,deny | |
| 34 | Allow from all | |
| 35 | </Directory> | |
| 36 | ``` |