Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open. (https://letsencrypt.org/)

When creating certificates using LetsEncrypt a folder called ".well-known" is created in the websites public folder (which is typically Drupal's root folder).

The line RewriteRule "(^|/)." - [F] in Drupal's default .htaccess file specifically prohibits files and folders starting with dots being accessed.

This causes LetsEncrypt to fail when issuing certificates and provide error messages about authorisation.

The best workaround is to add the line

RewriteRule "^.well-known/acme-challenge" - [L]

to .htaccess just above the rule

RewriteRule "(^|/)." - [F].

This would be a appropriate code change in line with Drupal project aims, especially "Open source: Stay committed to free software development, and build on and support other open source projects" .

It would be a very simple change which would send a strong message to the open source community.

If there is consensus that this is a worthy change I can create a patch for it.


Lostandfound created an issue. See original summary.

giorgio79’s picture

Yep, LetsEncrypt is a must and quickly becoming the de facto ssl standard.

walterebert’s picture

serg2’s picture

Thanks, marking this as a duplicate.

serg2’s picture

Status: Active » Closed (duplicate)