On Sun, 2023-04-23 at 12:21 -0700, T.C. Hollingsworth wrote:
Webroot authentication is pretty simple, what trips most people up
is
it puts it in a dot directory /.well-known/acme-challenge/ and a lot
of open source packages include Apache rules that block dotfiles with
errors to hide these files so see if you have any rules like that or
specifically whitelist that path.
Access to files named like them is still allowed, they're just not
shown in automatic directory listings in the browser.
Specific files like .htaccess and .htpasswd ought to be blocked.
--
NB: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the list.
The following system info data is generated fresh for each post:
uname -rsvp
Linux 6.2.8-100.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 22 19:14:19
UTC 2023 x86_64