Handle SSL certificate verifications for others than Let's Encrypt
Do no longer (wrongly) rewrite URLs like * http://example.net/.well-known/pki-validation/file.txt (Comodo) * http://example.net/.well-known/pki-validation/fileauth.txt (DigiCert, Thawte, GeoTrust) * http://example.net/.well-known/pki-validation/gsdv.txt (GlobalSign) * http://example.net/.well-known/pki-validation/starfield.htm (Starfield, GoDaddy) * http://example.net/.well-known/pki-validation/swisssign-check.txt (SwissSign) for automated SSL certificate verifications. All (common commercial) certificate authorities (CA) except Let's Encrypt (via ACME) seem to use "pki-validation" rather "acme-challenge" for their domain control validation (DCV). Signed-off-by: Robert Scheck <robert@fedoraproject.org>
This commit is contained in:
parent
976e5e35f7
commit
de07c82a4d
|
@ -63,7 +63,7 @@
|
|||
RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
|
||||
RewriteRule ^remote/(.*) remote.php [QSA,L]
|
||||
RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
|
||||
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
|
||||
RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*
|
||||
RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
|
||||
</IfModule>
|
||||
<IfModule mod_mime.c>
|
||||
|
|
|
@ -482,7 +482,7 @@ class Setup {
|
|||
$content .= "\n RewriteCond %{REQUEST_FILENAME} !/robots.txt";
|
||||
$content .= "\n RewriteCond %{REQUEST_FILENAME} !/updater/";
|
||||
$content .= "\n RewriteCond %{REQUEST_FILENAME} !/ocs-provider/";
|
||||
$content .= "\n RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*";
|
||||
$content .= "\n RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*";
|
||||
$content .= "\n RewriteRule . index.php [PT,E=PATH_INFO:$1]";
|
||||
$content .= "\n RewriteBase " . $rewriteBase;
|
||||
$content .= "\n <IfModule mod_env.c>";
|
||||
|
|
Loading…
Reference in New Issue