How To Verify That LetsEncrypt Autorenewal Will, For Certain, Actually Work

It’s a bad experience when a commercial domain’s emails get discarded due to a failure to renew the LetsEncrypt certificate. Therefore, being able to ensure that, when the time comes for autorenewal, it will actually, for certain and for sure, actually work is a really big deal.

Simply looking at configuration settings and, from that, inferring that it will work is, shall we say, inadequate.

So, how does one test this critical function?

I had the following on .htaccess file and domain dint renew.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.)$$1 [R,L]
[Probably it would be better to use RewriteRule ^(.
)$$1 [R,L] ?]

Apparently letsencrypt was not able to download their file from and when i disabled htaccess i ws able to renew manually.
I have added follow BUT i am not sure if this will work as I am waiting for a domain to renew today as now it tries renewals after a week
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/[0-9a-zA-Z_-]+$

Despite so many threads nothing is clear how to enable letsencrypt renewal so that it can access http file on an SSL enabled domain.
I still cant find any way on to put the .wellknown/acme-challenge as exception. Nobody there to share their experience?


The easiest way to do so is to create a “Website Redirect” from within Virtualmin. This will place the redirect code into the servers VirtualHost configuration rather than you having to use a “.htaccess” file.

Navigate over to Server Configuration > Website Redirects

Once there click Add a new website redirect.

Source URL path: ^/((?!.well-known).*)$

Destination: URL at other website /$1

Include sub-paths in redirect: Yes

Dear TPNsolutions thank you for your guidance. I have used .htaccess directives for each domain and it usually works. I used ewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/[0-9a-zA-Z_-]+$ and it does work but when I try access a file of letsencrypt thats stored as 777 root is not accesible via browser.
It gives Forbidden you dont have permission to access 403 error. I am trying to understand what Do i need to change so that files are downloadable. I also added this following on httpd conf <Directory “/home/domain/public_html/.well-known/acme-challenge”>
allow from all


The “.well-known” will intentionally produce a 403 error as it doesn’t contain an “index” file within it. The folder is used by the “Acme Protocol” to verify a domain’s existence and should NOT be altered in any way. You should just leave the folder and it’s content “as-is”.

Yes right but how does one fix the issue of file not downloading? See here the error on virtualmin when it attempts to renew:
By altering httpd or adding code to htaccess it still gives 403 error and is not renewing:
Registering account…
Already registered!
Wrote file to /home/domuser/public_html/.well-known/acme-challenge/WYRbjUwp-x4GIWK75_w31vfEtRuEdfZxICFkd32mXeM, but couldn’t download
Traceback (most recent call last):
File “/usr/libexec/webmin/webmin/”, line 235, in
File “/usr/libexec/webmin/webmin/”, line 231, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, args.dns_hook, args.cleanup_hook, log=LOGGER,
File “/usr/libexec/webmin/webmin/”, line 184, in get_crt
domain, challenge_status))

I’m seeing a sequence of responses addressing how one gets automatic renewal to work – not how to test whether it will work when the critical time comes.