summaryrefslogtreecommitdiffstats
path: root/.htaccess
diff options
context:
space:
mode:
authorRobert Scheck <robert@fedoraproject.org>2018-02-05 15:33:42 +0100
committerRobert Scheck <robert@fedoraproject.org>2018-02-05 15:33:42 +0100
commit7583615babc19711eb5f2865b81706d383b5649b (patch)
tree3b15a4b693b02b3abe1e6df2019a417a79ffb747 /.htaccess
parent847bd0cf74ce183e03accf1603a1f8e5d25394b6 (diff)
downloadnextcloud-server-7583615babc19711eb5f2865b81706d383b5649b.tar.gz
nextcloud-server-7583615babc19711eb5f2865b81706d383b5649b.zip
Handle SSL certificate verifications for others than Let's Encrypt
Do no longer (wrongly) rewrite URLs like * http://example.net/.well-known/pki-validation/file.txt (Comodo) * http://example.net/.well-known/pki-validation/fileauth.txt (DigiCert, Thawte, GeoTrust) * http://example.net/.well-known/pki-validation/gsdv.txt (GlobalSign) * http://example.net/.well-known/pki-validation/starfield.htm (Starfield, GoDaddy) * http://example.net/.well-known/pki-validation/swisssign-check.txt (SwissSign) for automated SSL certificate verifications. All (common commercial) certificate authorities (CA) except Let's Encrypt (via ACME) seem to use "pki-validation" rather "acme-challenge" for their domain control validation (DCV). Signed-off-by: Robert Scheck <robert@fedoraproject.org>
Diffstat (limited to '.htaccess')
-rw-r--r--.htaccess2
1 files changed, 1 insertions, 1 deletions
diff --git a/.htaccess b/.htaccess
index 7bf8759e383..005f23b64d5 100644
--- a/.htaccess
+++ b/.htaccess
@@ -63,7 +63,7 @@
RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
RewriteRule ^remote/(.*) remote.php [QSA,L]
RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
- RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
+ RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*
RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>
<IfModule mod_mime.c>