-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add rewrite rule for Let's Encrypt certificates #10082
Conversation
The LE tools need access to a stable path to automatically obtain certificates, so add a rewrite rule to allow it.
💖 Thanks for this pull request! 💖 We use semantic commit messages to streamline the release process and easily generate changelogs between versions. Before your pull request can be merged, you should update your pull request title to start with a semantic prefix if it doesn't have one already. Examples of commit messages with semantic prefixes:
Things that will help get your PR across the finish line:
We get a lot of pull requests on this repo, so please be patient and we will get back to you as soon as we can. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me:
- Encourages people to use TLS by making it easier to use LetsEncrypt
- LetsEncrypt is already so widely used that having this as a default makes sense
- Anyone not using LetsEncrypt won't even have this directory to access
I don't see a downside
Thanks, @jerm ! |
@vapier thanks very much for this :) |
Congrats on merging your first pull request! 🎉🎉🎉 |
(This screws us on the demos though, since I have some manually added rewrite rules, mostly to block bad actors at the IP level - and could possibly interfere with other people's customized rewrite rules.) Do we need to worry about adding this dir to any gitignores? |
hmm.. .gitignore would be helpful but not strictly required, as .well-known will show as an untracked file, but won't conflict since we're not including anything. |
not sure i follow.. wouldn't local customizations be a problem any time you update the software? |
Yes, but we don't generally update that file (other than on the demo, again, to block bad actors). It shouldn't cause any problems, but we should underscore the fact that upgrading users will need to pull their own htaccess from a backup or from the git stash that happens if they use the upgrade.php process. |
(We don't deploy via git on the demos - we use DeployHQ, so we bypass the git stash part, so it means that I have to remember to reapply those files that get overwritten.) |
The LE tools need access to a stable path to automatically obtain
certificates, so add a rewrite rule to allow it.