[BlueOnyx:23114] Re: LetsEncrypt Auto Update Failed

[Michael Stauber]

Hi Brent,

> I've gone through each vsite and ensured that `DOCROOT/.well-known` is publicly accessible
> over a non-SSL connection and not blocked by a server or application config.

A few months back when we switched from certbot to acme.sh for renewals
I also switched the `DOCROOT/.well-known` to a path outside of the /web
of Vsites. The renewal verification files are now all served out of
/home/.acme/ and this helps us get around such cases where .htaccess
files, mod_rewrite or some alias issues would interfere with the
accessibility of these files. But indeed: It's a good idea to check how
your Vsites would react to a HTTP request if ./well-known is requested.

-- 
With best regards

Michael Stauber