Commit | Line | Data |
---|---|---|
12c77ca5 LS |
1 | # WELLKNOWN |
2 | ||
969bebef LS |
3 | With `http-01`-type verification (the default in this script; there is also support for [DNS-based verification](dns-verification.md)), Let's Encrypt (or the ACME protocol in general) checks whether you control a domain by fetching a verification file from a URL similar to `http://example.org/.well-known/acme-challenge/m4g1C-t0k3n`. |
4 | It will do that for any (sub-)domain you want to sign a certificate for. | |
12c77ca5 | 5 | |
969bebef | 6 | At the moment you'll need to have that location available over normal HTTP on port 80 (a redirect to HTTPS will work, but the starting point is always HTTP!). |
12c77ca5 | 7 | |
ec49a443 | 8 | dehydrated has a config variable called `WELLKNOWN`, which corresponds to the directory which should be served under `/.well-known/acme-challenge` on your domain. So in the above example the token would have been saved as `$WELLKNOWN/m4g1C-t0k3n`. |
12c77ca5 | 9 | |
969bebef | 10 | If you only have one docroot on your server you could easily do something like `WELLKNOWN=/var/www/.well-known/acme-challenge`; for anything else, look at the example below. |
12c77ca5 | 11 | |
969bebef | 12 | ## Example Usage |
12c77ca5 | 13 | |
969bebef LS |
14 | If you have more than one docroot (or you are using your server as a reverse proxy / load balancer), the simple configuration mentioned above won't work, but this can be solved with just a few lines of web server configuration. |
15 | ||
64e35463 | 16 | An example would be to create a directory `/var/www/dehydrated` and set `WELLKNOWN=/var/www/dehydrated` in the script's config. |
969bebef LS |
17 | |
18 | You'll need to configure aliases on your web server: | |
19 | ||
20 | ### Nginx example config | |
21 | ||
22 | With Nginx you'll need to add this to any of your `server`/VHost config blocks: | |
12c77ca5 LS |
23 | |
24 | ```nginx | |
25 | server { | |
26 | [...] | |
27 | location /.well-known/acme-challenge { | |
64e35463 | 28 | alias /var/www/dehydrated; |
12c77ca5 LS |
29 | } |
30 | [...] | |
31 | } | |
32 | ``` | |
33 | ||
969bebef LS |
34 | ### Apache example config |
35 | ||
36 | With Apache just add this to your config and it should work in any VHost: | |
12c77ca5 LS |
37 | |
38 | ```apache | |
64e35463 | 39 | Alias /.well-known/acme-challenge /var/www/dehydrated |
12c77ca5 | 40 | |
64e35463 | 41 | <Directory /var/www/dehydrated> |
12c77ca5 LS |
42 | Options None |
43 | AllowOverride None | |
f0a92dfa ER |
44 | |
45 | # Apache 2.x | |
46 | <IfModule !mod_authz_core.c> | |
47 | Order allow,deny | |
48 | Allow from all | |
49 | </IfModule> | |
969bebef | 50 | |
f0a92dfa ER |
51 | # Apache 2.4 |
52 | <IfModule mod_authz_core.c> | |
53 | Require all granted | |
54 | </IfModule> | |
12c77ca5 LS |
55 | </Directory> |
56 | ``` | |
ae98ff67 DPK |
57 | |
58 | ### Lighttpd example config | |
59 | ||
60 | With Lighttpd just add this to your config and it should work in any VHost: | |
61 | ||
62 | ```lighttpd | |
d62a5eeb | 63 | server.modules += ("mod_alias")
ae98ff67 | 64 | alias.url += ( |
d62a5eeb | 65 | "/.well-known/acme-challenge/" => "/var/www/dehydrated/", |
ae98ff67 DPK |
66 | ) |
67 | ``` |
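
To confirm that the directory set as `WELLKNOWN` really is what the web server serves under `/.well-known/acme-challenge`, the following added example (not part of dehydrated or of the original page) writes a throwaway probe file into the directory and fetches it back over plain HTTP. The function names and the script name `check-wellknown.sh` are hypothetical, and `curl` is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example (not dehydrated code); all function names are hypothetical.

# Probe names use only base64url characters (the shape of the sample token
# m4g1C-t0k3n), so a name can never contain "/" or ".." and leave WELLKNOWN.
valid_token() {
  case "$1" in
    '' | *[!A-Za-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# challenge_url <domain> <token>: the URL the CA would request (always http://).
challenge_url() {
  valid_token "$2" || return 1
  printf 'http://%s/.well-known/acme-challenge/%s\n' "$1" "$2"
}

# write_probe <wellknown-dir> <token> <content>: place a world-readable file
# where a token would be saved, i.e. $WELLKNOWN/<token>.
write_probe() {
  valid_token "$2" || return 1
  [ -d "$1" ] && [ -w "$1" ] || return 1
  printf '%s' "$3" > "$1/$2" && chmod a+r "$1/$2"
}

# check_domain <wellknown-dir> <domain>: 0 = served correctly, 1 = wrong or
# missing response, 2 = directory not writable. Body runs in a subshell.
check_domain() (
  token="probe-$$-$(date +%s)"
  content="wellknown-check-$token"
  write_probe "$1" "$token" "$content" || exit 2
  rc=1
  # -L follows a redirect to HTTPS; the first request is plain HTTP on port 80.
  body=$(curl -fsSL --max-time 10 "$(challenge_url "$2" "$token")") &&
    [ "$body" = "$content" ] && rc=0
  rm -f "$1/$token"   # never leave probe files behind in the served directory
  exit "$rc"
)

# Usage: ./check-wellknown.sh /var/www/dehydrated example.org
if [ "$#" -eq 2 ]; then
  check_domain "$1" "$2" && echo "OK: $2" || echo "FAIL: $2"
fi
```

Run it once per (sub-)domain you intend to put on the certificate, since each one is verified separately and may be served by a different VHost.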