Let's Encrypt .htaccess Conditions


Hey, I've used ProcessWire for a while now but not made an appearance in the forum yet :D I just wanted to share the solution to a small problem I came across with Let's Encrypt (free SSL service).

Let's Encrypt SSL certificates need to be renewed every few months to remain active. My web host does this automatically but needs access to a folder named ".well-known", which ProcessWire blocks by default because it starts with a dot. This results in a 403 error.

To work around this, just add the following line to your .htaccess file, around line 150:

RewriteCond %{REQUEST_URI} !^(/\.well-known)

It should be the first condition in the section titled "Access Restrictions: Keep web users out of dirs that begin with a period".

I also ran into another problem. Let's Encrypt accesses which is redirected to because I enabled the redirection in my .htaccess file. So we need to exclude the mail sub domain from that rule using the following line as the second condition in the www-redirection section (around line 160):

RewriteCond %{HTTP_HOST} !^mail\. [NC]

I know it's quite a specific problem but maybe it'll help someone Googling the issue.

I was curious, is there any way of redirecting to the www-version without having to exclude all your sub domains? The only way I can think of involves explicitly writing out your domain name in the .htaccess file and redirecting whenever the %{HTTP_HOST} starts with that name. But obviously that would lead to a loss of generality.

6 hours ago, sanjom said:

It should be the first condition in the section titled "Access Restrictions: Keep web users out of dirs that begin with a period".

As far as I know, since ProcessWire 3.0.29 we have RewriteRule "(^|/)\.(?!well-known)" - [F] there by default. See:




I'm still having an issue with this. Both with my older PW sites and my newer 3.0+ sites. I can see the rule in the htaccess, but .well-known is still blocked. Any ideas?


Have you checked permission of .well-known??


Edit: Just found this:

RewriteRule "(^|/)\.(?!well-known)" - [F]

to  .htaccess to section 12.
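
An offline check of the rules quoted in this thread, as an added example (not part of any post and not ProcessWire code): it evaluates the 3.0.29+ RewriteRule and the first post's RewriteCond against constructed request paths to show what each one still blocks. `OLD_RULE` is an assumed stand-in for the pre-3.0.29 dot-directory rule, which is not quoted on this page, and Apache's per-directory matching is modelled by stripping the leading slash.

```python
import re

# Rule quoted in the thread (ProcessWire 3.0.29+ .htaccess). In per-directory
# context Apache matches RewriteRule patterns against the path without its
# leading slash, as an unanchored search.
PW_RULE = re.compile(r"(^|/)\.(?!well-known)")

# First post's workaround: a RewriteCond on REQUEST_URI (leading slash kept)
# placed before the dot-directory rule. OLD_RULE is an assumed stand-in for
# that older rule; it is not quoted on the page.
WORKAROUND_COND = re.compile(r"^(/\.well-known)")
OLD_RULE = re.compile(r"(^|/)\.")


def forbidden_by_default_rule(uri: str) -> bool:
    """True if the 3.0.29+ rule would answer 403 for this request URI."""
    return PW_RULE.search(uri.lstrip("/")) is not None


def forbidden_by_workaround(uri: str) -> bool:
    """True if the negated condition holds and the assumed old rule matches."""
    cond_holds = WORKAROUND_COND.search(uri) is None  # "!" negates the match
    return cond_holds and OLD_RULE.search(uri.lstrip("/")) is not None


def audit(uris):
    """Return {uri: (default_rule_403, workaround_403)} for each URI."""
    return {u: (forbidden_by_default_rule(u), forbidden_by_workaround(u)) for u in uris}


# Constructed sample requests, not taken from any real log.
SAMPLES = [
    "/.well-known/acme-challenge/TOKEN",  # ACME HTTP-01 validation path
    "/.git/config",
    "/site/assets/.env",
    "/.well-known/.hidden/file",   # dot-dir nested under .well-known
    "/.well-known-old/notes.txt",  # only shares the prefix
    "/about/",
]

if __name__ == "__main__":
    for uri, (new, old) in audit(SAMPLES).items():
        print(f"{uri:40} default={'403' if new else 'pass'}  workaround={'403' if old else 'pass'}")
```

Both variants exempt any name that merely starts with `.well-known`, and the RewriteCond workaround also stops checking for dot-directories nested below `.well-known`, which the lookahead rule still forbids.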


I have not been having this kind of problem since 3.0.29. My issue is I have the htaccess file forcing https and that breaks the renewal process. Currently I rename the htaccess to something like htaccess1, then do the renewal manually then rename the htaccess file back to normal. Anyone have a tip on how I can still use the automated way with https? Sorry to hijack this thread.

