Recent .htaccess Update Blocking Let's Encrypt SSL Renewal

Mehr
2 Monate 1 Woche her #173585 von nh905
nh905 erstellte das Thema Recent .htaccess Update Blocking Let's Encrypt SSL Renewal
Let's Encrypt requires web access to the hidden directory .well-known/acme-challenge to renew SSL certifications. Limesurvey recently added .htaccess rules blocking access to hidden directories, blocking Let's Encrypt access. I temporarily removed the rule.

Drupal had a similar issue and modified the RewriteRule to read:
RewriteRule "(^|/)\.(?!well-known)"
I am a rewrite newbie, so I have not tried to update the Limesurvey .htaccess rule.

Regards, Norbert

Bitte Anmelden oder Registrieren um an der Konversation teilzunehmen.

Mehr
2 Monate 1 Woche her #173603 von DenisChenu
DenisChenu antwortete auf das Thema: Recent .htaccess Update Blocking Let's Encrypt SSL Renewal
Yes, this need to be fixed …

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).
An error happen ? Before make a new topic : remind the Debug mode .

Bitte Anmelden oder Registrieren um an der Konversation teilzunehmen.

Mehr
2 Monate 1 Woche her #173605 von jelo
jelo antwortete auf das Thema: Recent .htaccess Update Blocking Let's Encrypt SSL Renewal

DenisChenu schrieb: Yes, this need to be fixed …

You already spoted the issue and posted a remark here:
github.com/LimeSurvey/LimeSurvey/commit/...2b8ebf88c296104c5d2c

More and more provider and controlpanels are already applying the exceptions for .well-known on the webserver level. Beside Let's Encrypt there are other ones (e.g. Comodo SSL). Still make sense for LimeSurvey to allow access to subdirectories of .well-known

Perhaps adding this:
RewriteRule "/\.|^\.(?!well-known/)" - [F]

More about .well-known can be found here: tools.ietf.org/html/rfc5785

Are you a student conducting a survey? If yes, tell me why you use LimeSurvey?
www.limesurvey.org/forum/development/116...y-you-use-limesurvey

Bitte Anmelden oder Registrieren um an der Konversation teilzunehmen.

Mehr
2 Monate 1 Woche her #173607 von DenisChenu
DenisChenu antwortete auf das Thema: Recent .htaccess Update Blocking Let's Encrypt SSL Renewal

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).
An error happen ? Before make a new topic : remind the Debug mode .

Bitte Anmelden oder Registrieren um an der Konversation teilzunehmen.

Mehr
2 Monate 1 Woche her #173610 von nh905
nh905 antwortete auf das Thema: Recent .htaccess Update Blocking Let's Encrypt SSL Renewal
Denis, two updates applied and successfully tested. Let's Encrypt is working, but access to folders like .gitignore remain blocked.

Thanks, Norbert

Bitte Anmelden oder Registrieren um an der Konversation teilzunehmen.

Jetzt loslegen!

Melden Sie sich jetzt an, und erstellen Sie in wenigen Minuten Ihre erste Umfrage.

Account einrichten

Abonnieren Sie unseren Newsletter

Abonnieren Sie unseren Newsletter für alle Neuigkeiten rund um LimeSurvey
captcha