Cheap Web Space, Domain Name:
Web Space With E-Mail, PHP/MySQL.

What is the /.well-known/acme-challenge directory and can I delete it?

Question: 

Searching …

 

Unfortunately nothing found on "".

Premium support for Bitpalace web hosting customers only!

 from the Federated States of Micronesia: +49 30 32 70 18 92, Fax (in Germany) +49 30 32 70 18 91

service@bitpalast.net 

Skype: bitpalast

One moment please … your browser is loading the page.

 

 

Symptom

In my document root directory I can also see a folder “/.well-known” and from there “/acme-challenge”. I haven't set up these folders. Are they dangerous?

 

Cause

“Acme” stands for “Automatic Certificate Management Environment”. The folder /.well-known/acme-challenge is a standard folder that is used for issuing and renewing Let's Encrypt SSL certificates. It is a globally binding standard on all web servers. A token is placed there, which the certification authority can read over the Internet. With the help of the token, the certification authority can check whether the server is actually responsible for the domain to be certified.

 

Solution

/.well-known/acme-challenge is often used by hackers to hide malware in it because website owners rarely or never look into this folder. Bitpalace sees no particular danger in this, because hacked websites also contain malicious code in other and usually numerous places, so that these would have to be restored from a backup or recreated anyway. Whether or not malicious code is also present in /.well-known/acme-challenge then no longer matters. Whether or not the path exists does not affect whether a website can be hacked.

Nevertheless, for this and other reasons, /.well-known/acme-challenge has been a virtual path to an area outside of your webspace that hackers' scripts cannot reach in the Bitpalace webspace accounts since the beginning of 2021. Many Bitpalace web space users therefore do not see this path in their document root directory. However, it is possible that the path is still visible in older webspace accounts from earlier SSL installations. You can usually delete /.well-known/acme-challenge. If the path is required by software, the software will recreate the path itself. If the /.well-known/acme-challenge path is deleted, any SSL certificate that may have been set up remains in place.

 

Overview of frequently asked questions 

 

 

 


 

  from the Federated States of Micronesia: +49 30 32 70 18 92 •  GmbH, Sensburger Allee 27, D-14055 Berlin (Germany)
Your purchase is tax-free, because you order from a non-EU country. © 2024  GmbH. All rights reserved. and the logo are registered trademarks of GmbH. For photo credits see imprint.

Imprint Privacy policy Sitemap