Allow Certbot Access to Subdirectory with .htpasswd on Apache2
I was trying to find a way to allow certbot to auto renew, but kept getting verification errors. The error showed that certbot couldn’t get access to
/.well-known/acme-challenge/<SOME_HASH>: which was why it was failing.
Turns out, I have a custom WordPress setup which requires
.htpasswd authorization. This is to make it so the outside world can’t access my WordPress instance easily because I was hacked in the past. I then generate static files from this WordPress site, which are visible to the public.
So, I need to make this directory visible to the outside world as well. Being wary to grant global access to this subdirectory, I used some regex based on what
certbot is actually looking for and came up with:
# Certbot needs to access this dir w/o any auth in order to auto renew <FilesMatch "\/\.well-known\/acme-challenge\/.*\:$"> Satisfy any </FilesMatch>
This uses the Apache2 FilesMatch directive to ensure we’re only granting access to a very specific set of files which match this regex. What I like most is that it forces the filenname to end in a colon, making this hard to get anything with a file extension.
Not too fancy, but it definitely gets the job done. My
certbot can now run without a hitch.