diff options
author | Robert Scheck <robert@fedoraproject.org> | 2018-02-05 17:37:23 +0300 |
---|---|---|
committer | Robert Scheck <robert@fedoraproject.org> | 2018-02-05 17:37:23 +0300 |
commit | de07c82a4df73982b1ef798aa0b0a4ffafa8cdeb (patch) | |
tree | b89f6b8a8b863ca7bffd02ee8e9ecc48346809c4 /.htaccess | |
parent | 976e5e35f7696e2b2c5abc0d9ade4aa8601e13d6 (diff) |
Handle SSL certificate verifications for others than Let's Encrypt
Do no longer (wrongly) rewrite URLs like
* http://example.net/.well-known/pki-validation/file.txt (Comodo)
* http://example.net/.well-known/pki-validation/fileauth.txt (DigiCert, Thawte, GeoTrust)
* http://example.net/.well-known/pki-validation/gsdv.txt (GlobalSign)
* http://example.net/.well-known/pki-validation/starfield.htm (Starfield, GoDaddy)
* http://example.net/.well-known/pki-validation/swisssign-check.txt (SwissSign)
for automated SSL certificate verifications. All (common commercial)
certificate authorities (CA) except Let's Encrypt (via ACME) seem to
use "pki-validation" rather "acme-challenge" for their domain control
validation (DCV).
Signed-off-by: Robert Scheck <robert@fedoraproject.org>
Diffstat (limited to '.htaccess')
-rw-r--r-- | .htaccess | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/.htaccess b/.htaccess index 7bf8759e383..005f23b64d5 100644 --- a/.htaccess +++ b/.htaccess @@ -63,7 +63,7 @@ RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L] RewriteRule ^remote/(.*) remote.php [QSA,L] RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L] - RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.* + RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.* RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L] </IfModule> <IfModule mod_mime.c> |