Server: Allow .well-known subdirectory and files to bypass file integrity checker

Created on 11 Dec 2017 · 4 Comments · Source: nextcloud/server

Steps to reproduce

  1. Set up Nextcloud in root directory
  2. Install letsencrypt certificate using cert-bot
  3. Visit nextcloud as administrator

Expected behaviour

No file integrity warning, no prevention of automated upgrade due to file integrity

Actual behaviour

File integrity warnings generated due to presence of .well-known directory and contents required for letsencrypt cert-bot verification

Server configuration

Operating system:

Web server:

Database:

PHP version:

Nextcloud version: (see Nextcloud admin page)
12.0.3

All 4 comments

File integrity warnings generated due to presence of .well-known directory and contents required for letsencrypt cert-bot verification

The best way to handle this is to map this in your web server's config to a different directory. In the past we had problems with random files/folders being present in the Nextcloud directory, causing weird bugs. That's the reason why we do not allow that in the whitelist.
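
The mapping suggested in the comment above, sketched for Apache as an added example (not part of the thread or of Nextcloud's own configuration). The host name cloud.example.com and the paths /var/www/nextcloud and /var/www/acme-webroot are assumed placeholders.

```apache
# Constructed example: host name and paths are placeholders, adjust to your setup.
# Goes in the virtual host that answers on port 80 for the Nextcloud site
# (requires mod_alias, which is part of a default Apache 2.4 build).
<VirtualHost *:80>
    ServerName cloud.example.com
    DocumentRoot /var/www/nextcloud

    # Serve ACME HTTP-01 challenge files from a directory outside the
    # Nextcloud tree, so the ACME client never writes anything below the
    # directory that the file integrity checker scans.
    Alias /.well-known/acme-challenge/ /var/www/acme-webroot/.well-known/acme-challenge/

    <Directory /var/www/acme-webroot/.well-known/acme-challenge/>
        # Static token files only: no overrides, no indexes, no script execution.
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

# Point the ACME client at the separate webroot instead of the Nextcloud root,
# for example with certbot's webroot plugin:
#   certbot certonly --webroot -w /var/www/acme-webroot -d cloud.example.com
```

Alias is only valid in the server or virtual host configuration, not in .htaccess, so this needs access to the vhost definition.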

Setup:
Nextcloud 12.0.4 installed on a managed server running Plesk. There is no possibility to access or even change the web server config outside of .htaccess.

Could you recommend a way to change the location to another directory? Is there the possibility to write an app which will add ^.well-known/acme-challenge/* to the whitelist?

Because having the security warning showing the whole time defeats the purpose of it.

Thanks for an answer.

@MorrisJobke Enough hosters/control panels that do this kind of stuff use this folder with no ability to move it. As far as I read, both Plesk and cPanel do this, which should affect quite a number of hosters, and the users, as always, have no way of changing that.

Also, this folder exists as a part of an RFC since 2010. It should really at least ignore that folder.

Is there any way to whitelist specific files at least?
