[Letsencrypt-devel] Bug#848224: dehydrated-apache2: does not handle .well-known directory hidden by mod_rewrite

noc umlaeute at debian.org
Thu Dec 15 10:51:40 UTC 2016

Package: dehydrated-apache2
Version: 0.3.1-1
Severity: normal

Dear Maintainer,

dehydrated-apache2 comes with a conf-file that is supposed to make the
/.well-known/acme-challenge/ directory available in the webserver.

Unfortunately it had no effect on my system: accessing
/.well-known/acme-challenge/ via my webserver would just give me a 404 page.

Now, my webserver has the following characteristics
- multiple VirtualHosts
- use of mod_rewrite to do complex routing (in virtually all VirtualHosts).

I did not test all VirtualHosts (esp. I did not test the one without mod_rewrite)

I ended up adding the following line to *each* VirtualHost (in the mod_rewrite

    RewriteRule ^/\.well-known/acme-challenge/ - [L]

Of course I would prefer a solution that would fix this in a central place
However, my feeble (and short-lived) attempts did not have any effect.

Also, the documentation for such issues is sub-optimal.
Even though dehydrated-apache2 is supposed to work without any configuration
(though - as this bug report shows, sometimes it is not), it should come with
some documentation (even if it is just saying that normally no configuration is
needed, and that one should look at /usr/share/doc/dehydrated/docs for general
documentation and specifically at wellknown.md)

Ah yes: as you may have noticed, the target machine is running on jessie (for
which not even a backport of this package exists). I haven't verified the
problem on a sid system.
I assume that problems might be similar, and that dehydrated-apache2 will
eventually hit jessie-backports (and the backports package will not be much
different from the current package)

-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

dehydrated-apache2 depends on no packages.

Versions of packages dehydrated-apache2 recommends:
ii  apache2 [httpd]     2.4.10-10+deb8u7
ii  dehydrated          0.3.1-1

dehydrated-apache2 suggests no packages.

-- no debconf information

More information about the Letsencrypt-devel mailing list