diff options
| author | Robert Scheck <robert@fedoraproject.org> | 2018-02-05 15:33:42 +0100 |
|---|---|---|
| committer | Robert Scheck <robert@fedoraproject.org> | 2018-02-05 15:33:42 +0100 |
| commit | 7583615babc19711eb5f2865b81706d383b5649b (patch) | |
| tree | 3b15a4b693b02b3abe1e6df2019a417a79ffb747 /.htaccess | |
| parent | 847bd0cf74ce183e03accf1603a1f8e5d25394b6 (diff) | |
| download | nextcloud-server-7583615babc19711eb5f2865b81706d383b5649b.tar.gz nextcloud-server-7583615babc19711eb5f2865b81706d383b5649b.zip | |
Handle SSL certificate verifications for others than Let's Encrypt
Do no longer (wrongly) rewrite URLs like
* http://example.net/.well-known/pki-validation/file.txt (Comodo)
* http://example.net/.well-known/pki-validation/fileauth.txt (DigiCert, Thawte, GeoTrust)
* http://example.net/.well-known/pki-validation/gsdv.txt (GlobalSign)
* http://example.net/.well-known/pki-validation/starfield.htm (Starfield, GoDaddy)
* http://example.net/.well-known/pki-validation/swisssign-check.txt (SwissSign)
for automated SSL certificate verifications. All (common commercial)
certificate authorities (CA) except Let's Encrypt (via ACME) seem to
use "pki-validation" rather "acme-challenge" for their domain control
validation (DCV).
Signed-off-by: Robert Scheck <robert@fedoraproject.org>
Diffstat (limited to '.htaccess')
| -rw-r--r-- | .htaccess | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/.htaccess b/.htaccess index 7bf8759e383..005f23b64d5 100644 --- a/.htaccess +++ b/.htaccess @@ -63,7 +63,7 @@ RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L] RewriteRule ^remote/(.*) remote.php [QSA,L] RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L] - RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.* + RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.* RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L] </IfModule> <IfModule mod_mime.c> |