When using Let’s Encrypt via the Certbot software, you can use the Apache plugin to obtain and install certificates on your Apache web server.
With the “http-01” challenge, which is probably the most popular way to verify your ownership of the domain, the authenticator must somehow serve a file in the directory /.well-known/acme-challenge via HTTP on port 80.
But how does Certbot actually do this in an automated way, from a technical perspective?
It seems that Certbot neither changes your virtual host configuration nor the actual contents of the document root for the virtual host.
So how does Certbot technically accomplish its task of serving the file at the required location?
The plugin's configurator.py's perform() calls another perform() in the http_01.py file. This creates the challenge files in the configured challenge directory, distinct from the document root (_set_up_challenges() includes code to check whether the directory exists and create it). _mod_config() then handles serving:

- self._set_up_include_directives(vh)
- register_file_creation() to register the creation of temporary _pre and _post rule files (this does not write them, but ensures their deletion if there is a later error).
- CONFIG_TEMPLATEs for the configurator being used (e.g., CONFIG_TEMPLATE22_PRE) - htaccess rules where the _PRE is a redirect pointing requests for /.well-known/acme-challenge/[TOKEN] to the challenge directory and the _POST grants access to both /.well-known/acme-challenge/ and the challenge directory. Each of these is written to the previously registered location.

So yes, a temporary configuration change to redirect requests to a custom directory path.
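To make the mechanism in the answer concrete, here is an added, self-contained Python illustration written for this page; it is not certbot's own code. It models the three pieces the answer names: a token file written to a challenge directory outside the document root, a temporary "pre" rewrite rule and "post" access-grant file, and registration of those paths up front so they are removed on exit or error. The config file names, the directive text (modelled on Apache 2.4 syntax) and the sample token are constructed assumptions, and a real vhost would still need Include directives pointing at the two files.

```python
import os
import re
import shutil
import tempfile

# Only token-shaped names are mapped into the challenge directory. Because '.' and '/'
# are outside the character class, a request such as ../etc/passwd never matches.
ACME_PATH_RE = re.compile(r"^/\.well-known/acme-challenge/([A-Za-z0-9_=-]+)$")

# Assumed directive text for the two temporary files (shape follows the answer:
# _PRE redirects the token request into the challenge directory, _POST grants access).
PRE_TEMPLATE = """RewriteEngine on
RewriteRule ^/\\.well-known/acme-challenge/([A-Za-z0-9_=-]+)$ {challenge_dir}/$1 [L]
"""
POST_TEMPLATE = """<Directory {challenge_dir}>
    Require all granted
</Directory>
<Location /.well-known/acme-challenge>
    Require all granted
</Location>
"""


def resolve_request(request_path, challenge_dir):
    """Mimic the _PRE RewriteRule: map a request path to a file in the challenge
    directory, or return None so the request falls through to normal vhost handling."""
    match = ACME_PATH_RE.match(request_path)
    if not match:
        return None
    return os.path.join(challenge_dir, match.group(1))


class TemporaryChallenge:
    """Serve one http-01 token through a reversible configuration change."""

    def __init__(self, challenge_dir, conf_pre, conf_post, token, key_authz):
        self.challenge_dir = challenge_dir
        self.conf_pre = conf_pre
        self.conf_post = conf_post
        self.token_path = os.path.join(challenge_dir, token)
        self.key_authz = key_authz
        self.created = []  # paths registered for deletion, whether or not they get written

    def __enter__(self):
        os.makedirs(self.challenge_dir, exist_ok=True)  # the _set_up_challenges() idea
        # Register first, write second: a failure mid-way still triggers cleanup.
        self.created.extend([self.token_path, self.conf_pre, self.conf_post])
        with open(self.token_path, "w") as fh:
            fh.write(self.key_authz)
        with open(self.conf_pre, "w") as fh:
            fh.write(PRE_TEMPLATE.format(challenge_dir=self.challenge_dir))
        with open(self.conf_post, "w") as fh:
            fh.write(POST_TEMPLATE.format(challenge_dir=self.challenge_dir))
        return self

    def __exit__(self, exc_type, exc, tb):
        # Runs on normal exit and on error alike; only registered paths are touched.
        for path in self.created:
            if os.path.exists(path):
                os.remove(path)
        return False


def demo(token="constructed-token-123", key_authz="constructed-token-123.thumbprint"):
    """Exercise the full cycle in a scratch directory and report what was served
    and what (if anything) was left behind after cleanup."""
    root = tempfile.mkdtemp(prefix="acme-demo-")
    challenge_dir = os.path.join(root, "challenge")
    conf_pre = os.path.join(root, "le_http_01_challenge_pre.conf")   # assumed name
    conf_post = os.path.join(root, "le_http_01_challenge_post.conf")  # assumed name
    try:
        with TemporaryChallenge(challenge_dir, conf_pre, conf_post, token, key_authz) as tc:
            target = resolve_request("/.well-known/acme-challenge/" + token, challenge_dir)
            with open(target) as fh:
                served = fh.read()
            present_during = sorted(os.path.basename(p) for p in tc.created if os.path.exists(p))
        leftover = [p for p in (conf_pre, conf_post, os.path.join(challenge_dir, token))
                    if os.path.exists(p)]
        return {"served": served, "present_during": present_during, "leftover": leftover}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The point worth checking on a real host is the same one the demo asserts: after the challenge completes, neither the rule files nor the token file should remain, and the rewrite only ever maps token-shaped names into the challenge directory.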