From 7583615babc19711eb5f2865b81706d383b5649b Mon Sep 17 00:00:00 2001 From: Robert Scheck Date: Mon, 5 Feb 2018 15:33:42 +0100 Subject: Handle SSL certificate verifications for others than Let's Encrypt Do no longer (wrongly) rewrite URLs like * http://example.net/.well-known/pki-validation/file.txt (Comodo) * http://example.net/.well-known/pki-validation/fileauth.txt (DigiCert, Thawte, GeoTrust) * http://example.net/.well-known/pki-validation/gsdv.txt (GlobalSign) * http://example.net/.well-known/pki-validation/starfield.htm (Starfield, GoDaddy) * http://example.net/.well-known/pki-validation/swisssign-check.txt (SwissSign) for automated SSL certificate verifications. All (common commercial) certificate authorities (CA) except Let's Encrypt (via ACME) seem to use "pki-validation" rather "acme-challenge" for their domain control validation (DCV). Signed-off-by: Robert Scheck --- lib/private/Setup.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/private') diff --git a/lib/private/Setup.php b/lib/private/Setup.php index 43fa6c4a117..c0246a83e46 100644 --- a/lib/private/Setup.php +++ b/lib/private/Setup.php @@ -485,7 +485,7 @@ class Setup { $content .= "\n RewriteCond %{REQUEST_FILENAME} !/robots.txt"; $content .= "\n RewriteCond %{REQUEST_FILENAME} !/updater/"; $content .= "\n RewriteCond %{REQUEST_FILENAME} !/ocs-provider/"; - $content .= "\n RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*"; + $content .= "\n RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*"; $content .= "\n RewriteRule . index.php [PT,E=PATH_INFO:$1]"; $content .= "\n RewriteBase " . $rewriteBase; $content .= "\n "; -- cgit v1.2.3