From 92ee40819eb60400d9788dc667c59157b1981545 Mon Sep 17 00:00:00 2001
From: bunkerity <contact@bunkerity.com>
Date: Mon, 5 Jul 2021 14:15:25 +0200
Subject: [PATCH] whitelist - fix /.well-known/acme-challenge whitelist for
 let's encrypt

---
 confs/site/main-lua.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/confs/site/main-lua.conf b/confs/site/main-lua.conf
index e3e0362..1308395 100644
--- a/confs/site/main-lua.conf
+++ b/confs/site/main-lua.conf
@@ -117,7 +117,7 @@ for k, v in pairs(whitelist_uri) do
 end
 
 -- check if it's certbot
-if use_lets_encrypt and string.match(ngx.var.request_uri, "^/.well-known/acme-challenge/") then
+if use_lets_encrypt and string.match(ngx.var.request_uri, "^/%.well%-known/acme%-challenge/[A-Za-z0-9%-%_]+$") then
 	logger.log(ngx.INFO, "LETSENCRYPT", "got a visit from Let's Encrypt")
 	ngx.exit(ngx.OK)
 end