I have a domain in stealth mode, protected by basic auth. Basic auth is not supported by Letsencrypt and probably never will be (https://github.com/certbot/certbot/issues/1744#issuecomment-162038303).
After moving from Nginx to Yaws, the next Letsencrypt renewal is scheduled. So here is a problem. I could disable basic auth in Yaws, do the renewal and then enable again, but that is no real solution.
There are easy workarounds for Apache and Nginx, i.e. define an exception to basic auth for the directory /.well-known/acme-challenge.
How to do that in Yaws? The basic auth definition for my domain in yaws.conf is now
<auth>
realm = "some realm"
user = "some_user:some_pw"
</auth>
The only reference within this context with respect to Yaws I found is from 2010 and refers to Yaws 1.81 (https://uu.diva-portal.org/smash/get/diva2:344199/FULLTEXT01.pdf). Letsencrypt started in 2015. I use Yaws 2.0.9.
There seems to be a solution for FreeDNS with shell variables (https://gist.github.com/ammgws/381b4d9104c4e2b43b9210f33f03a15a). Similar hacks are given at https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/, but I have no idea how to use such an approach.
For each subdirectory you want to exclude, add a .yaws_auth file to that subdirectory with the contents
{allow, all}.
and be sure to include the trailing period/full stop. Also make sure that auth_skip_docroot is either set to false or not set at all in your yaws.conf file.
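
The steps from the answer above as a shell sketch (an added example, not part of the original answer): it writes the .yaws_auth file into the ACME challenge directory only, and refuses if yaws.conf sets auth_skip_docroot = true. The function names and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: function names and paths are assumptions, not from the post.

# Succeeds unless yaws.conf sets auth_skip_docroot = true (comments ignored).
conf_allows_yaws_auth() {
    conf=$1
    if sed 's/#.*//' "$conf" |
        grep -Eq '^[[:space:]]*auth_skip_docroot[[:space:]]*=[[:space:]]*true'; then
        return 1
    fi
    return 0
}

# Create <docroot>/.well-known/acme-challenge/.yaws_auth containing {allow, all}.
# Only the challenge directory is exempted; the rest of the docroot keeps the
# basic auth defined in the <auth> block of yaws.conf.
exempt_acme_challenge() {
    docroot=$1
    conf=$2
    dir=$docroot/.well-known/acme-challenge

    [ -d "$docroot" ] || { echo "docroot not found: $docroot" >&2; return 2; }
    [ -r "$conf" ] || { echo "cannot read: $conf" >&2; return 2; }

    if ! conf_allows_yaws_auth "$conf"; then
        echo "auth_skip_docroot = true in $conf: .yaws_auth would be ignored" >&2
        return 3
    fi

    mkdir -p "$dir" || return 2
    # The trailing period terminates the Erlang term and is required.
    printf '%s\n' '{allow, all}.' > "$dir/.yaws_auth" || return 2
    chmod 644 "$dir/.yaws_auth"
    # Print the path of the file that was written.
    echo "$dir/.yaws_auth"
}

# Usage (hypothetical paths):
#   exempt_acme_challenge /var/www/example /etc/yaws/yaws.conf
```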