sanjom

Let's Encrypt .htaccess Conditions

2 posts in this topic

Hey, I've used ProcessWire for a while now but not made an appearance in the forum yet :D I just wanted to share the solution to a small problem I came across with Let's Encrypt (free SSL service).

Let's Encrypt SSL certificates need to be renewed every few months to remain active. My web host does this automatically but needs access to a folder named ".well-known", which ProcessWire blocks by default because it starts with a dot. This results in a 403 error.

To work around this, just add the following line to your .htaccess file, around line 150:

RewriteCond %{REQUEST_URI} !^(/\.well-known)

It should be the first condition in the section titled "Access Restrictions: Keep web users out of dirs that begin with a period".

I also ran into another problem. Let's Encrypt accesses mail.example.com which is redirected to www.mail.example.com because I enabled the redirection in my .htaccess fie. So we need to exclude the mail sub domain from that rule using the following line as the second condition in the www-redirection section (around line 160):

RewriteCond %{HTTP_HOST} !^mail\. [NC]

I know it's quite a specific problem but maybe it'll help someone Googling the issue.

I was curious, is there any way of redirecting to the www-version without having to exclude all your sub domains? The only way I can think of involves explicitly writing out your domain name in the .htaccess file and redirecting whenever the %{HTTP_HOST} starts with that name. But obviously that would lead to a loss of generality.

3 people like this

Share this post


Link to post
Share on other sites

Hi,

6 hours ago, sanjom said:

It should be the first condition in the section titled "Access Restrictions: Keep web users out of dirs that begin with a period".

As far as I know, since ProcessWire 3.0.29 we have RewriteRule "(^|/)\.(?!well-known)" - [F] there by default. See: https://processwire.com/blog/posts/pw-3.0.29/#summary-of-added-pull-requests

 

 

3 people like this

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Dennis Spohr
      Hi all,
      this is my first post here - so let me say first: I love ProcessWire! 
      I have the following scenario:
      On my website users will be able to create their own site. This site is a page (in this case 'theirsite'): "www.mydomain.com/theirsite"
      Now I want that they can use their own domain. So this domain needs to load their page:
      "www.theirdomain.com" goes to "www.mydomain.com/theirsite" but while showing the first domain in the browser.
      I'm trying to archive this with an htaccess entry:
      RewriteCond %{HTTP_HOST} www\.retuschierenlernen\.de RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?it=retuschierenlernen/$1 [L,QSA] I get the following error, because it loads the my main site, not the page of my user:
      Warning: file_put_contents(/www/mysite/test/html/site/assets/cache/FileCompiler/site/templates/public-site.php): failed to open stream: Permission denied in /www/mysite/test/html/wire/core/FileCompiler.php on line 327 Thanks!
      Dennis
    • By Cole
      Long time listener, first time caller...

      I have been working with ProcessWire for some time now and it has been amazing, my go to CMS. Previously my workflow had a local development setup through MAMP using an address like http://localhost:8888/websites/example.com.
      I have recently changed this in preference of  http://dev.example.com, that way I do not need to disable the .htaccess forward from non-www to www to develop locally. My .htaccess forward is setup like:

        RewriteCond %{HTTP_HOST} !^dev\. [NC]
        RewriteCond %{HTTP_HOST} !^www\. [NC]
        RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
      This works on all sites that are still using ProcessWire 2.5, however on sites using 2.8 and 3.0 I am getting a 403 Forbidden error. After reading through the forum posts related to 403 errors I have not been successful in finding a solution for my issue. Has anyone experienced this or can assist? Thank you very much in advance, the forum community has been so helpful I have never needed to post until now.
    • By jsantari
      Trying to do some ajax calls to an api  named somedomain.com/xapi/index.php using intercoolerjs in my home page. I'm trying to make calls like this in intercoolerjs. somedomain.com/xapi/controller/method. Looked through a bunch of the posts but nothing seems to match what I am trying to do. Is there a change I can make to the htaccess file  to get this to work? Anyone have a suggestion on this or is there a better way to handle the api?
    • By hellomoto
      I have web hosting with the following .htaccess en root, to point it to a subdirectory "audino.us", wherein I have PW installed:
      RewriteEngine on RewriteCond %{HTTP_HOST} ^(www.)?something.com$ RewriteCond %{REQUEST_URI} !^/something.com/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ /audino.us/$1 RewriteCond %{HTTP_HOST} ^(www.)?something.com$ RewriteRule ^(/)?$ something.com/index.php [L] RewriteCond %{HTTP_HOST} ^(www.)?something.com$ RewriteRule ^(/)?$ something.com [L] However when I go to audino.us/pw to access the admin, it becomes audino.us/audino.us/pw, and doesn't allow me to log in. How do I render the above to be recursive (?), i.e., to apply to all subordinate URLs? Is this to be done within the .htaccess in /audino.us, or in the root .htaccess above? Please help, I can't log in. Thanks much.
    • By microcipcip
      I have a VueJS single page app with a router, how do I redirect all requestes to the index.php page? The processwire .htaccess file is quite big I am not sure how to change it. This is what is suggested in the router docs:
      <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.html$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.html [L] </IfModule>