Hi Brent,

> I've gone through each vsite and ensured that `DOCROOT/.well-known` is
> publicly accessible over a non-SSL connection and not blocked by a
> server or application config.

A few months back when we switched from certbot to acme.sh for renewals I also switched the `DOCROOT/.well-known` to a path outside of the /web of Vsites. The renewal verification files are now all served out of /home/.acme/ and this helps us get around such cases where .htaccess files, mod_rewrite or some alias issues would interfere with the accessibility of these files.

But indeed: It's a good idea to check how your Vsites would react to an HTTP request if ./well-known is requested.

-- 
With best regards

Michael Stauber

_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
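The check suggested in the message can be scripted. This is an added example, not part of the original message and not BlueOnyx or acme.sh code: it drops a random probe file into the shared challenge directory and requests it over plain HTTP from every hostname given on the command line. The directory layout below /home/.acme/ and the script itself are assumptions.

```python
#!/usr/bin/env python3
"""Probe each Vsite for a test file under /.well-known/acme-challenge/ over plain HTTP."""
import http.client
import os
import secrets
import sys

# Assumption: the layout below /home/.acme/ is not given in the message; adjust it.
CHALLENGE_DIR = "/home/.acme/.well-known/acme-challenge"


def classify(status, location, body, expected):
    """Turn one HTTP response into a verdict string."""
    if status in (301, 302, 303, 307, 308):
        return f"REDIRECT -> {location}"    # e.g. a force-HTTPS rewrite rule
    if status != 200:
        return f"BLOCKED (HTTP {status})"   # .htaccess deny, auth prompt, missing alias
    if body.strip() != expected:
        return "WRONG CONTENT"              # a rewrite handed the URL to the application
    return "OK"


def probe(host, token, expected, port=80, timeout=10):
    """Fetch the probe file over HTTP without following redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", f"/.well-known/acme-challenge/{token}",
                     headers={"User-Agent": "acme-path-check"})
        resp = conn.getresponse()
        body = resp.read(4096).decode("utf-8", "replace")
        return classify(resp.status, resp.getheader("Location"), body, expected)
    except (OSError, http.client.HTTPException) as exc:
        return f"UNREACHABLE ({exc})"
    finally:
        conn.close()


def main(hosts):
    token = "probe-" + secrets.token_hex(8)   # random name, removed after the run
    expected = secrets.token_hex(16)
    path = os.path.join(CHALLENGE_DIR, token)
    with open(path, "w") as fh:
        fh.write(expected)
    os.chmod(path, 0o644)                     # must be readable by the web server
    try:
        for host in hosts:
            print(f"{host:40} {probe(host, token, expected)}")
    finally:
        os.remove(path)


if __name__ == "__main__":
    main(sys.argv[1:])
```

Run it on the server with the Vsite hostnames as arguments. A `WRONG CONTENT` verdict means the site answered 200 with something other than the probe file, which is what an application-level rewrite typically produces.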