How to Renew SSL Using Only .htaccess with Force HTTPS and Basic Auth


Installing Let’s Encrypt on shared hosting is easy for anyone.
However, shared hosting often does not let you modify the Apache or Nginx configuration. In that case, Force HTTPS and Basic Auth are usually set in “.htaccess”. If the “.htaccess” settings are wrong, SSL renewal does not work.

Why SSL cannot be renewed (.well-known dir)

Let’s Encrypt accesses the following path when renewing SSL.*

So the “.well-known” path must be reachable with a plain HTTP request. If all requests are rewritten to HTTPS, or if the path requires Basic Auth, automatic SSL renewal fails.

Renewable SSL with .htaccess

Normally, HTTP requests to the “.well-known” path are allowed in the Apache or Nginx configuration so that SSL can be renewed. But modifying that configuration is not allowed on shared hosting, so we have to set it in .htaccess.

The Force HTTPS case is as follows.

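RewriteEngine On
# Redirect only plain-HTTP requests...
RewriteCond %{HTTPS} off
# ...whose path does not start with /.well-known/ (literal dot, anchored at the start)
RewriteCond %{REQUEST_URI} !^/\.well-known/
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]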

The Basic Auth case is as follows.

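# Set the variable "wn" only for requests whose path starts with /.well-known/
SetEnvIf Request_URI "^/\.well-known/" wn
AuthUserFile "/hoge/.htpasswd"
AuthName "Please enter your ID and password"
AuthType Basic
# A request passes if it satisfies either the password check or the env check below
Satisfy any
Require valid-user
# Apache 2.2-style access directives (on Apache 2.4 they need mod_access_compat):
# deny everyone by default, then allow only requests marked with "wn"
Order Deny,Allow
Deny from all
Allow from env=wn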
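
Added example (not part of the original article): a Python check of which request URIs a SetEnvIf pattern exempts from Basic Auth, comparing a loosely written pattern such as "/.well-known*" with one anchored to the start of the path. The sample URIs and the names LOOSE, STRICT, skips_auth and unprotected are constructed for this illustration.

```python
import re

# Constructed request URIs. Only the first one is needed for renewal;
# the others are content that should stay behind the password prompt.
SAMPLES = [
    "/.well-known/acme-challenge/token123",
    "/admin/index.php",
    "/backup/.well-known-old/db.sql",
    "/docs/swell-knowledge.html",
]

# Unanchored: '.' matches any character and '*' only repeats the final 'n',
# so the pattern matches anywhere inside the URI.
LOOSE = r"/.well-known*"
# Anchored at the start of the path, literal dot, trailing slash.
STRICT = r"^/\.well-known/"


def skips_auth(pattern, uri):
    """SetEnvIf sets its variable when the regex matches anywhere in Request_URI.
    Combined with 'Allow from env=...' and 'Satisfy any', a matching request
    is served without a password."""
    return re.search(pattern, uri) is not None


def unprotected(pattern, uris=SAMPLES):
    """Return the URIs that would be served without Basic Auth."""
    return [u for u in uris if skips_auth(pattern, u)]


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("strict", STRICT)):
        print(name, pattern)
        for uri in unprotected(pattern):
            print("  no password required:", uri)
```

With the anchored pattern only the validation path is exempt. With the loose pattern, any URI that contains a slash, one character and "well-know" is exempt too.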