Enable LetsEncrypt to renew certs when HTTP is redirected

How to allow for renewal of LetsEncrypt certs when your http requests are all redirected to https

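The trick here is to exclude the .well-known directory from the redirect. Let's Encrypt's HTTP-01 validation fetches the challenge file from /.well-known/acme-challenge/ on port 80 and only follows redirects to ports 80 or 443, so a blanket redirect to port 8443 breaks renewal.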

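<VirtualHost *:80>

        # cert renewal setup
        DocumentRoot /var/www/html2
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ServerName blog.abcd.xyz
        RewriteEngine on
        # Skip the redirect only for paths that start with /.well-known/.
        # The ^ anchor keeps URIs that merely contain "/.well-known" redirected.
        RewriteCond %{REQUEST_URI} !^/\.well-known/
        # Everything else is permanently redirected to HTTPS on port 8443.
        RewriteRule ^ https://%{SERVER_NAME}:8443%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>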

To test, create a text file in the .well-known directory and try to access it from the browser over http://. It should be served directly, without being redirected.
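A scripted version of this test, as an added example that is not part of the original post: it assumes `curl` is installed and takes the host name and the name of the test file you created as arguments (the function names are made up for this example). Besides fetching the file, it checks that other paths are still redirected to HTTPS.

```shell
#!/bin/sh
# Added example (not from the original post). Usage: sh check.sh HOST FILE
# FILE is the test file you created under <DocumentRoot>/.well-known/.

# probe URL -> prints "STATUS REDIRECT_URL" without following the redirect
probe() {
    curl -s -o /dev/null --max-time 10 -w '%{http_code} %{redirect_url}' "$1"
}

# verdict KIND STATUS [REDIRECT_URL] -> prints "ok" or "fail: ..."
#   exempt:   must be served directly (200) over plain HTTP
#   redirect: must get a permanent redirect (301) to an https:// URL
verdict() {
    kind=$1 status=$2 target=${3:-}
    case "$kind:$status:$target" in
        exempt:200:)            echo ok ;;
        redirect:301:https://*) echo ok ;;
        *) echo "fail: $kind path returned $status $target" ;;
    esac
}

# check_host HOST FILE -> one verdict line per probed path
check_host() {
    host=$1 file=$2
    # 1. The file in /.well-known/ must be reachable without a redirect.
    set -- $(probe "http://$host/.well-known/$file")
    echo "/.well-known/$file: $(verdict exempt "$@")"
    # 2. Ordinary pages must still be redirected to HTTPS.
    set -- $(probe "http://$host/")
    echo "/: $(verdict redirect "$@")"
    # 3. A path that merely contains "/.well-known" deeper down should be
    #    redirected too; an unanchored RewriteCond pattern exempts it.
    set -- $(probe "http://$host/x/.well-known/$file")
    echo "/x/.well-known/$file: $(verdict redirect "$@")"
}

# Only touch the network when called with both arguments.
if [ "$#" -eq 2 ]; then
    check_host "$1" "$2"
fi
```

Run it from a machine outside the server's network so the request takes the same route the certificate authority's validation request would.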

Reference
Article on Servebolt

Written on July 9, 2025