Knowledgebase: Security
AutoSSL and HTTP Redirects
Posted by on 26 September 2016 11:40 AM

HTTP redirects seem to be pretty troublesome: specifically, the default cPanel/Comodo provider will fail if it finds a redirect. To address this, we’re implementing logic in 60 to insert mod_redirect exclusions into a virtual host’s .htaccess file when necessary.

You can do this in 58, but it will be a manual process. Here are the exclusions to add in:

For cPanel’s internal DCV checks:
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$

For Comodo:
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt$

For Let’s Encrypt:
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/

Insert these lines before every “RewriteRule” directive to ensure that domain control validation (DCV) will avoid redirects. Only the Comodo one should be strictly necessary, but the others are good ideas just in case.

(0 vote(s))
Not helpful