Exclude only Let's Encrypt access URL from Apache basic authentication

When Let's Encrypt issues an SSL certificate, the Let's Encrypt client checks that it can access the site. One thing to keep in mind is that if you apply basic authentication to the entire site, the Let's Encrypt client will not be able to access it.

Here, we will explain how to exclude only the access URL of Let's Encrypt from basic authentication.

Please set as follows in the Apache configuration file.

<Location />
  AuthType Basic
  AuthName "Secret Zone"
  AuthUserFile /var/www/.htpasswd
  Require user foo

<Location /.well-known/acme-challenge>
  Require all granted

Allow all connections only for the path used by Let's Encrypt.


Is the path used by Let's Encrypt.

"/" Is the path for basic authentication, but all connections are allowed for the path "/.well-known/acme-challenge" in the settings after it.

Associated Information