3 With `http-01`-type verification (default in this script, there is also support for [dns based verification](dns-verification.md)) Let's Encrypt (or the ACME-protocol in general) is checking if you are in control of a domain by accessing a verification file on an URL similar to `http://example.org/.well-known/acme-challenge/m4g1C-t0k3n`.
4 It will do that for any (sub-)domain you want to sign a certificate for.
6 At the moment you'll need to have that location available over normal HTTP on port 80 (redirect to HTTPS will work, but starting point is always HTTP!).
8 letsencrypt.sh has a config variable called `WELLKNOWN`, which corresponds to the directory which should be served under `/.well-known/acme-challenge` on your domain. So in the above example the token would have been saved as `$WELLKNOWN/m4g1C-t0k3n`.
10 If you only have one docroot on your server you could easily do something like `WELLKNOWN=/var/www/.well-known/acme-challenge`, for anything else look at the example below.
14 If you have more than one docroot (or you are using your server as a reverse proxy / load balancer) the simple configuration mentioned above wouldn't work, but with just a few lines of webserver configuration this can be solved.
16 An example would be to create a directory `/var/www/letsencrypt` and set `WELLKNOWN=/var/www/letsencrypt` in the scripts config.
18 You'll need to configure aliases on your Webserver:
20 ### Nginx example config
22 With Nginx you'll need to add this to any of your `server`/VHost config blocks:
27 location /.well-known/acme-challenge {
28 alias /var/www/letsencrypt;
34 ### Apache example config
36 With Apache just add this to your config and it should work in any VHost:
39 Alias /.well-known/acme-challenge /var/www/letsencrypt
41 <Directory /var/www/letsencrypt>
46 <IfModule !mod_authz_core.c>
52 <IfModule mod_authz_core.c>
58 ### Lighttpd example config
60 With Lighttpd just add this to your config and it should work in any VHost:
66 "/.well-known/acme-challenge/" => "/var/www/letsencrypt/"