From: Grant Slater <github@firefishy.com>
Date: Mon, 23 Feb 2026 01:07:16 +0000 (+0000)
Subject: web: Also support acme redirect on HTTPS
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain

web: Also support acme redirect on HTTPS
---

diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb
index 2aee03373..f442d65f1 100644
--- a/cookbooks/web/templates/default/apache.frontend.erb
+++ b/cookbooks/web/templates/default/apache.frontend.erb
@@ -135,6 +135,11 @@ ErrorLog /var/log/apache2/error.log
   RewriteCond %{HTTP_USER_AGENT} Chrome/((103|105|107|108|109|110|111|112|116|117|120|124|131|133)\.0\.0\.0|104\.0\.5112\.81|106\.0\.5249\.119) [NC]
   RewriteRule . - [F,L]
 
+  #
+  # Redirect ACME certificate challenges (Fastly redirects from HTTP to HTTPS, so we need to handle them here)
+  #
+  RewriteRule ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 [R=permanent,L]
+
   #
   # Force special MIME type for crossdomain.xml files
   #