Recent .htaccess Update Blocking Let's Encrypt SSL Renewal

More
2 years 2 weeks ago #173585 by nh905
Let's Encrypt requires web access to the hidden directory .well-known/acme-challenge to renew SSL certifications. Limesurvey recently added .htaccess rules blocking access to hidden directories, blocking Let's Encrypt access. I temporarily removed the rule.

Drupal had a similar issue and modified the RewriteRule to read:
RewriteRule "(^|/)\.(?!well-known)"
I am a rewrite newbie, so I have not tried to update the Limesurvey .htaccess rule.

Regards, Norbert
The topic has been locked.
LimeSurvey Partners
More
2 years 2 weeks ago #173603 by DenisChenu
Yes, this need to be fixed …

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.
The topic has been locked.
More
2 years 2 weeks ago #173605 by jelo

DenisChenu wrote: Yes, this need to be fixed …

You already spoted the issue and posted a remark here:
github.com/LimeSurvey/LimeSurvey/commit/...2b8ebf88c296104c5d2c

More and more provider and controlpanels are already applying the exceptions for .well-known on the webserver level. Beside Let's Encrypt there are other ones (e.g. Comodo SSL). Still make sense for LimeSurvey to allow access to subdirectories of .well-known

Perhaps adding this:
RewriteRule "/\.|^\.(?!well-known/)" - [F]

More about .well-known can be found here: tools.ietf.org/html/rfc5785

The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
The topic has been locked.
More
2 years 2 weeks ago #173607 by DenisChenu

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.
The topic has been locked.
More
2 years 2 weeks ago #173610 by nh905
Denis, two updates applied and successfully tested. Let's Encrypt is working, but access to folders like .gitignore remain blocked.

Thanks, Norbert
The topic has been locked.

Start now!

Just create your account and start using Limesurvey today.

Register now