1 Topic by schnappi

  • schnappi
  • Member
  • Offline
  • Registered: 2015-02-13
  • Posts: 171

Topic: Unable to access .well-known/.well_known directory

Hello,

Am unable to access a test file via HTTP or HTTPS in the well-known/well_known directory located in either:
/opt/www/well_known/test.txt
/var/www/html/.well-known/test.txt

This is an issue because it impacts getting new SSL certificates. This is the first time renewing SSL certificates since last updating to 1.7.2. I am aware of the changes that were made to try and resolve this in 1.7.2.

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.7.2
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: Debian 12
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,399

Re: Unable to access .well-known/.well_known directory

Did you apply the change introduced in iRedMail 1.7.2?
https://docs.iredmail.org/upgrade.iredm … p-directly

Any error in Nginx log file when you access the directory?

3 Reply by schnappi (edited by schnappi 2025-07-03 05:19:50)

  • schnappi
  • Member
  • Offline
  • Registered: 2015-02-13
  • Posts: 171

Re: Unable to access .well-known/.well_known directory

Yes. https://docs.iredmail.org/upgrade.iredm … p-directly was applied.

The following show up in the Nginx log:

127.0.0.1 - - [02/Jul/2025:16:52:57 -0400] "" 400 0 "-" "-"

127.0.0.1 - - [02/Jul/2025:16:52:59 -0400] "GET /.well-known/acme-challenge/k4_hFtFalBDqkx0ztrfJlPB6bJWk6BN-zin_TIs5M28 HTTP/1.1" 404 146 "-" "getssl/2.49"


Given this issue, considered just using certbot with standalone mode. This worked (after stopping Nginx) and generated certificates without an issue, but postfix returned the error below. Since SSL certificates from a batch script work, not going to try and fix this issue related to postfix and certbot (unless the solution is simple). The problem is that the bash script does not have a stand alone mode independent of Nginx, and Nginx is currently not able to access the .well-known directory.

2025-07-02T12:45:50.240856-04:00 SERVER postfix/smtpd[24111]: warning: cannot get RSA certificate from file "/etc/letsencrypt/live/SERVER/fullchain.pem;": disabling TLS support

2025-07-02T12:45:50.241754-04:00 SERVER postfix/smtpd[24111]: warning: TLS library problem: error:80000002:system library::No such file or directory:../crypto/bio/bss_file.c:297:calling fopen(/etc/letsencryp>

2025-07-02T12:45:50.241822-04:00 SERVER postfix/smtpd[24111]: warning: TLS library problem: error:10080002:BIO routines::system lib:../crypto/bio/bss_file.c:300:

2025-07-02T12:45:50.241889-04:00 SERVER postfix/smtpd[24111]: warning: TLS library problem: error:0A080002:SSL routines::system lib:../ssl/ssl_rsa.c:448:

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,399

Re: Unable to access .well-known/.well_known directory

schnappi wrote:

Yes. https://docs.iredmail.org/upgrade.iredm … p-directly was applied.

Please show us full content of file /etc/nginx/sites-enabled/00-default.conf.

schnappi wrote:

127.0.0.1 - - [02/Jul/2025:16:52:59 -0400] "GET /.well-known/acme-challenge/k4_hFtFalBDqkx0ztrfJlPB6bJWk6BN-zin_TIs5M28 HTTP/1.1" 404 146 "-" "getssl/2.49"

The http status code is 404 which means "not found", so seems it doesn't work so far.