From adf314984c5be8e80ffff93d4eb0c78ea4cbe384 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Mon, 6 Jun 2016 11:44:17 +0200
Subject: [PATCH] Allow access to acme challenge even when restricted

---
 .../conf/httpd.conf/WebAppVirtualHost/50Content      | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/50Content b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/50Content
index dadf063..8bfd9fe 100644
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/50Content
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/50Content
@@ -84,7 +84,7 @@ if ($allow ne ''){
     else{
         $allow =~ s/[,;]/ /g;
     }
-    $OUT .=<<"EOF"
+    $OUT .=<<"EOF";
 
     <Location />
         Order deny,allow
@@ -92,6 +92,10 @@ if ($allow ne ''){
         Allow from $allow
     </Location>
 
+    <Location /.well-known/acme-challenge/>
+        Allow from all
+    </Location>
+
 EOF
 }
 
@@ -101,9 +105,13 @@ if ($auth =~ m/^Basic$/i){
         $require = "Require ldap-group ";
         $require .= "cn=$_,ou=Groups,$base " foreach(@groups);
     }
-    $OUT .=<<"EOF";
+    SetEnvIf %{Request_URI} "^/\.well\-known/acme\-challenge" granted=1
 
     <Location />
+        Order deny,allow
+        Satisfy any
+        Deny from all
+        Allow from env=granted
         AuthType basic
         AuthName "$name"
         AuthBasicProvider ldap