Certbot .well-known security issue
I use certbot on a default installation of VestaCP on my Ubuntu 16.04 machine. It generates the certificate fine, but in order to verify the domain, it adds:
location ~ "^/.well-known/acme-challenge/(.*)$" {
    default_type text/plain;
    return 200 "$1.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
}
This causes my automated security testing to raise an alarm that URLs like http://domain/.well-known/acme-challenge/<h1>abc</h1> are hackable and available on the website.
Is there any way I can fix this? For example, can certbot use another method, or remove this nginx configuration once the certificate is issued/renewed and add it again when needed?
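Added example (not part of the original post, and not VestaCP or certbot code): a small Python check that compares the location regex quoted in the post with a stricter one limited to the base64url alphabet, which is the only alphabet RFC 8555 (section 8.3) allows in ACME tokens. `STRICT`, `THUMBPRINT` and the sample paths are assumptions constructed for this illustration.

```python
import re
from urllib.parse import unquote

# Pattern from the post's nginx location: captures anything after the prefix.
WEAK = re.compile(r"^/.well-known/acme-challenge/(.*)$")
# Hardened pattern (assumption of this example): tokens are base64url only,
# so nothing outside that alphabet ever needs to be echoed back.
# nginx form: location ~ "^/\.well-known/acme-challenge/([A-Za-z0-9_-]+)$" { ... }
STRICT = re.compile(r"^/\.well-known/acme-challenge/([A-Za-z0-9_-]+)$")

THUMBPRINT = "ACCOUNT_THUMBPRINT"  # placeholder for the value redacted in the post


def challenge_response(pattern, raw_path):
    """Return the body nginx would send via `return 200 "$1.<thumbprint>"`,
    or None when the location does not match and the request falls through."""
    uri = unquote(raw_path)  # nginx matches locations against the decoded URI
    m = pattern.match(uri)
    return f"{m.group(1)}.{THUMBPRINT}" if m else None


def reflects_markup(pattern, raw_path):
    """True when request-supplied '<' or '>' ends up in the response body."""
    body = challenge_response(pattern, raw_path)
    return body is not None and ("<" in body or ">" in body)


# Constructed sample requests: a token-shaped path and the scanner's probe
# from the post, in raw and percent-encoded form.
SAMPLES = [
    "/.well-known/acme-challenge/Zm9vYmFyLXRva2VuX2V4YW1wbGU",
    "/.well-known/acme-challenge/<h1>abc</h1>",
    "/.well-known/acme-challenge/%3Ch1%3Eabc%3C%2Fh1%3E",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(path,
              "| weak:", challenge_response(WEAK, path),
              "| strict:", challenge_response(STRICT, path))
```

With the strict pattern, a real challenge token still gets its key authorization, while the scanner's probe no longer matches the location and is handled like any other unknown path.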
Re: Certbot .well-known security issue
Why do you use certbot? VestaCP provides an internal Let's Encrypt engine.