Excluding/including SSL on specific pages Redirect rules SSL certificate

AutoSSL Let’s Encrypt plugin cannot verify domain because of .htaccess 301 redirect

I recently came across an issue where the AutoSSL let’s encrypt plugin can’t verify the domain. Strange though it may seem, this tool needs to access the website over http to renew the SSL certificate.

A solution can be to disable the .htaccess redirect, renew, then enable again, but this is not a very elegant solution of course. A better way is to exclude this particular file from the redirect.

I found the solution for this problem in this thread:
https://forums.cpanel.net/threads/autossl-htaccess-whitelist.562651/

Application in Really Simple SSL

If you have enabled .htaccess redirect, Really Simple SSL will add some lines to your .htaccess, looking something like this:

RewriteCond %{HTTPS} != on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

First, make sure Really Simple SSL does not overwrite the .htaccess anymore, by enabling the option “stop editing the .htaccess file”.

Then add two conditions, so it won’t redirect when AutoSSL tries to access the verification file. The end result looks like this:

RewriteCond %{HTTPS} != on 
RewriteCond %{REQUEST_URI} !^/\d+\.BIN_AUTOSSL_CHECK_PL__\.\w+\.tmp$ [NC] 
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ [NC] 
RewriteRule (.*) https://%{HTTP_HOST}%/$1

Your actual .htaccess redirect may be different, depending on your server configuration.

Related Articles

  • Redirect to https not working

    After you enable Really Simple SSL, by default a PHP redirect is activated, which is called wp 301 redirect in the plugin. If you notice your site can still be...
  • err_SSL_VERSION_OR_CIPHER_MISMATCH

    err_SSL_VERSION_OR_CIPHER_MISMATCH This error means that the server and client (browser) are unable to establish a secure connection between them. To establish a secure connection between the server and client they...
  • Does SSL improve my security?

    Sure. But I would not say it is the first thing should do. To prevent your site from getting hacked, start with the following: Do not use Admin as your...
  • SSL working on desktop, but not on mobile (android) devices

    If the SSL certificate on your site works fine on desktop but gives an error on mobile devices (specifically Android):  this certificate isn’t from a trusted authority, there is probably...

2 Comments

  • Mulyadi Subali

    Hi Roger,

    Does the free version works with Let’s Encrypt?

    • Rogier Lankhorst

      Hi Mulyadi, yes, it will work with any valid certificate.

Leave a Comment