In today's digital age, where online security and data privacy have become paramount concerns, implementing SSL (Secure Sockets Layer) certificates has become a necessity for website owners. SSL Installation provides a secure connection between web servers and browsers, ensuring that sensitive information remains encrypted and protected from prying eyes.
However, before obtaining an SSL certificate, domain authentication is a crucial step in the process. It verifies that the person or organization requesting the certificate has control over the domain in question. This is necessary as part of Domain Control Validation (DCV). The .well-known folder can be generated automatically by certain servers, but occasionally, you might need to create it manually. One of the widely used methods for manual domain authentication is the creation of a special directory called ".well-known" on your web server.
If you're new to the world of SSL domain authentication or struggling to understand the purpose and significance of the .well-known directory, you've come to the right place. In this comprehensive guide, we will walk you through the process of creating the .well-known directory. However, if you have not yet generated a CSR, see How to Generate a Certificate Signing Request (CSR) in Windows Server first.
By the end of this blog, you will have a clear understanding of how to set up the .well-known directory, navigate the domain authentication process with ease, and ensure a secure connection between your website and its visitors. Let's dive in and demystify the world of SSL domain authentication together.
The .well-known folder serves a specific function related to domain validation when obtaining an SSL Certificate. When opting for the HTTP/HTTPS method during the certificate ordering process, you are required to create the .well-known directory. This folder serves as the location where you need to upload a TEXT file that will be scanned and approved by the Certificate Authority (CA) to verify your ownership of the domain.
The validation file within the .well-known folder should be accessible through a live website link. Once you have added the validation file, the CA's crawler system will scan your website, searching for the file. Once the file is located, your domain validation should be successfully completed within a few minutes.
To authenticate domain ownership using the HTTP method, you must upload a TXT file to a specific location on your website and server. The location should resemble the following URL path:
http://mywebsite.com/.well-known/pki-validation/HashFileName.txt
As indicated by the URL path, the file should be placed within the .well-known folder and its pki-validation subfolder. The .well-known folder itself should be located in the document root directory corresponding to the domain name.
When ordering your SSL certificate and selecting the HTTP method, you will receive the validation file as a download. The file will have a hash file name, consisting of a string of random characters. It is crucial to upload the file exactly as provided by the CA, without modifying its name or content.
To create the .well-known folder, you need to be able to connect to your server using an SFTP client, a web hosting control panel, or any other suitable method. Below are the instructions for creating the .well-known folder on various popular platforms:
The following instructions are applicable to Ubuntu, Debian, and CentOS servers:
Navigate to the root directory of your website.
Create a directory named ".well-known".
Within the ".well-known" directory, create another folder called "pki-validation".
Upload the TXT file to the "pki-validation" directory.
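The Linux steps above as a single shell function, given here as an added example that is not part of the original guide. The helper name `install_dcv_file`, the demo paths and the sample file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide). install_dcv_file is a
# hypothetical helper; the demo paths and file contents are constructed.

install_dcv_file() {
    dcv_docroot=$1
    dcv_src=$2
    dcv_dir="$dcv_docroot/.well-known/pki-validation"

    [ -d "$dcv_docroot" ] || { echo "no such document root: $dcv_docroot" >&2; return 1; }
    [ -f "$dcv_src" ] || { echo "no such validation file: $dcv_src" >&2; return 1; }

    # Create both directory levels. Mode 755 lets the web server read and
    # traverse them while only the owner can write.
    mkdir -p "$dcv_dir" || return 1
    chmod 755 "$dcv_docroot/.well-known" "$dcv_dir" || return 1

    # Keep the CA-issued file name and copy the bytes unchanged.
    dcv_name=$(basename "$dcv_src")
    cp "$dcv_src" "$dcv_dir/$dcv_name" || return 1
    chmod 644 "$dcv_dir/$dcv_name" || return 1

    # The CA checks the content, so confirm the copy is byte-identical.
    cmp -s "$dcv_src" "$dcv_dir/$dcv_name" || {
        echo "content mismatch: $dcv_dir/$dcv_name" >&2; return 1; }

    # Print the URL path the CA's crawler will request.
    printf '/.well-known/pki-validation/%s\n' "$dcv_name"
}

# Constructed demo: throwaway document root and a made-up validation file.
demo=$(mktemp -d)
mkdir "$demo/docroot"
printf 'constructed-sample-token\n' > "$demo/A1B2C3D4.txt"
install_dcv_file "$demo/docroot" "$demo/A1B2C3D4.txt"
# On a live server, confirm the file is served with:
#   curl -i http://<your-domain>/.well-known/pki-validation/<file>.txt
rm -rf "$demo"
```
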
On cPanel, follow these steps:
If you have WHM, log in. Otherwise, skip this step.
Find and log into your cPanel account associated with your domain name.
Click on the "File Manager" option.
Select the "Web Root (public_html/www)" and click on "Go."
Create a new folder named ".well-known."
Within the ".well-known" folder, create another folder named "pki-validation."
Upload your TXT file into the "pki-validation" folder.
To create the .well-known folder in Plesk, follow these steps:
Access the Plesk control panel and navigate to the "File Manager" option.
In the right-side menu, locate the "Files" section and click on it.
Within the default document root folder for your domain (usually named "httpdocs" in Plesk), create a new directory called ".well-known".
To create the folder, click on the "New" button and select "Create Directory".
Inside the newly created ".well-known" folder, create a subfolder named "pki-validation".
To upload the validation TXT file, click on the "Upload" button and select the file. Place it in the "pki-validation" subfolder.
You are not allowed to place a dot in a folder name on Windows-based servers, so there is a different way to do it. Follow these steps to create a .well-known folder on Windows IIS servers:
Visit the C: drive
Make a new folder named “well-known”
In the “well-known” folder, create another folder called “pki-validation”
Now, your folders should look like C:\well-known\pki-validation
Now upload the “TXT” file to the “pki-validation” folder.
Then, on your server, open the IIS Manager to add a virtual directory.
Right-click on your website and select “Add Virtual Directory”
Please enter ".well-known" in the Alias section.
In the "Physical Path" field, specify the path to the "well-known" folder. For example: C:\well-known
Finally, click on "OK" to create the alias.
How to create a .well-known folder in WordPress?
To create a .well-known folder in WordPress, you have three different options:
1. Utilizing a dedicated plugin:
It is advisable to avoid using plugins, as they can lead to compatibility and security issues in the long run. However, if you want to know how it works, the steps are below. To create a `.well-known` folder in WordPress using a special plugin, you can follow these steps:
1. Install and activate the "File Manager" plugin from the WordPress plugin repository. This plugin allows you to manage your files and folders directly within the WordPress dashboard.
2. Once the plugin is activated, go to the "File Manager" section in your WordPress admin area. You should see a new menu item called "File Manager" in the sidebar.
3. Click on "File Manager" to access the plugin's interface. It will display a file explorer-like view of your WordPress installation.
4. Navigate to the root directory of your WordPress installation. This is typically the folder where your `wp-admin`, `wp-content`, and `wp-includes` folders are located.
5. Right-click on the root directory and select "Create New Folder" from the context menu.
6. Name the new folder `.well-known` and click the "Create" button. The plugin will create the folder in the desired location.
7. You can now use the file manager to upload or create files within the `.well-known` folder as needed. Make sure to follow the specific requirements or guidelines for the files you intend to place in this folder.
Creating the `.well-known` folder using a plugin like "File Manager" provides a convenient way to manage files and folders within WordPress. However, please note that modifying core WordPress files or adding files to specific system folders may require caution and an understanding of the potential impact on your website's functionality. Always proceed with caution and consider creating a backup before making any changes.
2. Employing your web-hosting panel:
If you have access to cPanel, follow the instructions below to create the .well-known folder. cPanel is widely used and highly recommended.
- Log in to your cPanel account.
- Navigate to the File Manager section.
- Look for the public folder and open it.
- If you find a directory named ".well-known," proceed to the next step.
- If the directory doesn't exist, right-click on the public folder, select "Create directory," and name the newly created folder ".well-known."
3. Using an SFTP Client (e.g., FileZilla):
If you don't have access to cPanel, you can use an SFTP client to connect to your server and locate the ".well-known" directory within the "~/public" folder.
- Connect to your server using an SFTP client like FileZilla.
- Once connected, navigate to the "~/public" folder.
- Check if the ".well-known" directory is present.
- If it's not there, right-click on the public folder, select "Create directory," and name the new folder ".well-known".
By following these instructions, you will be able to create a .well-known folder in WordPress without relying on plugins, which helps ensure compatibility and security.
In AWS, you can create a .well-known folder by following these steps:
Log in to the AWS Management Console.
Open the Amazon S3 service.
Create a new S3 bucket or select an existing one where you want to create the .well-known folder. Make sure you have the necessary permissions to create and manage objects in the bucket.
Once you are in the bucket, click on the "Create folder" button. Enter .well-known as the folder name and click "Save" or press Enter.
The .well-known folder will be created in your S3 bucket.
To add files or objects inside the .well-known folder, click on the folder name and then click on the "Upload" button. You can upload files from your local machine or choose existing files from another S3 bucket.
After uploading the necessary files into the .well-known folder, you can access them using the URL structure: http://your-bucket-name.s3.amazonaws.com/.well-known/filename.
It's important to note that the .well-known folder is typically used to store files that are part of the ACME protocol, which is used for automated SSL/TLS certificate issuance and renewal. Make sure to follow the appropriate specifications and guidelines for the files you intend to store in the .well-known folder. Remember to set the appropriate permissions on your S3 bucket to ensure the files inside the .well-known folder are accessible to the necessary entities or services.
To establish a connection with your server, you can use either the built-in FTP client or the Command Line Interface (CLI).
FTP
To create the ".well-known" directory on macOS X Server and use the built-in FTP client, follow these steps:
1. Launch the Terminal application on your macOS X Server. You can find it in the "Utilities" folder within the "Applications" folder.
2. Navigate to the root directory by running the following command:
```
cd /
```
3. Create the ".well-known" directory using the following command:
```
sudo mkdir .well-known
```
You will be prompted to enter your administrator password. Type it and press Enter.
4. Set the appropriate permissions for the directory by running the following command:
```
sudo chmod 755 .well-known
```
This command ensures that the directory is readable and executable by everyone but writable only by the owner.
5. Now, you can use the built-in FTP client on macOS X Server to upload files to the ".well-known" directory. Open the Terminal application again, and in the Terminal window, type the following command:
```
ftp server_address
```
Replace "server_address" with the actual address of the FTP server you want to connect to.
6. Enter your FTP username and password when prompted.
7. Once you are connected to the FTP server, navigate to the ".well-known" directory on the server by running the following command:
```
cd .well-known
```
8. You can now use FTP commands to upload files to the ".well-known" directory. For example, to upload a file named "example.txt" from your local machine to the server, use the following command:
```
put example.txt
```
9. Repeat the necessary steps to upload any other files or directories you want to place in the ".well-known" directory.
Remember to replace "server_address" with the actual FTP server address and adjust the commands as needed based on your specific setup.
Note: It's important to ensure that the FTP server on your macOS X Server is properly configured and accessible from the network you are connecting from.
Command Line Interface
To create the ".well-known" directory in macOS X Server using the Command Line Interface (CLI), you can follow these steps:
1. Open the Terminal application on your macOS X Server. You can find it in the "Utilities" folder within the "Applications" folder.
2. Navigate to the directory where you want to create the ".well-known" directory. For example, if you want to create it in the root directory, you can use the following command:
```
cd /
```
3. Create the ".well-known" directory using the following command:
```
sudo mkdir .well-known
```
4. Verify that the directory has been created by listing the contents of the current directory:
```
ls -a
```
You should see the ".well-known" directory listed.
5. Optionally, you may need to adjust the permissions of the ".well-known" directory to ensure it's accessible by the appropriate web server. You can use the following command to change the permissions:
```
sudo chmod 755 .well-known
```
This command sets the permissions to allow read, write, and execute access for the owner, and read and execute access for the group and others.
That's it! You have now created the ".well-known" directory in macOS X Server using the Command Line Interface.
Frequently Asked Questions
If the .well-known folder already exists on your server, you need to open it and create the pki-validation sub-folder. After creating the sub-folder, upload the required file to complete the SSL validation process.
The .well-known folder is often protected because it is a public directory. This protection is necessary to prevent hackers from utilizing the folder to store and distribute ransomware or phishing pages. In some cases, you may need to adjust the file permissions in order to access the .well-known folder.
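A periodic check for the kind of misuse described above, given as an added example that is not part of the original guide. The helper name `audit_well_known`, the finding labels and the list of flagged file extensions are assumptions; adjust them to what your site legitimately serves from .well-known.

```sh
#!/bin/sh
# Added example (not from the original guide). audit_well_known is a
# hypothetical helper; the extension list is an assumed heuristic.

audit_well_known() {
    wk_root="$1/.well-known"
    [ -d "$wk_root" ] || { echo "MISSING $wk_root"; return 0; }

    # Group- or world-writable entries can be replaced by another account.
    find "$wk_root" ! -type l \( -perm -020 -o -perm -002 \) \
        -exec echo WRITABLE {} \;

    # Symlinks can expose files that live outside the document root.
    find "$wk_root" -type l -exec echo SYMLINK {} \;

    # pki-validation should hold only the CA's .txt validation files.
    if [ -d "$wk_root/pki-validation" ]; then
        find "$wk_root/pki-validation" -type f ! -name '*.txt' \
            -exec echo UNEXPECTED {} \;
    fi

    # Pages, scripts and archives have no place in a validation folder.
    find "$wk_root" -type f \( -name '*.php' -o -name '*.html' \
        -o -name '*.htm' -o -name '*.js' -o -name '*.exe' \
        -o -name '*.zip' \) -exec echo ACTIVE {} \;
}

# Constructed demo: a throwaway tree with one legitimate validation file
# and one planted HTML page that the audit should report.
demo=$(mktemp -d)
mkdir -p "$demo/.well-known/pki-validation"
chmod 755 "$demo/.well-known" "$demo/.well-known/pki-validation"
printf 'constructed-sample-token\n' > "$demo/.well-known/pki-validation/A1B2C3D4.txt"
printf '<html></html>\n' > "$demo/.well-known/pki-validation/login.html"
chmod 644 "$demo/.well-known/pki-validation/"*
audit_well_known "$demo"
rm -rf "$demo"
```

An empty result means nothing was flagged; any output line names the finding type followed by the path to review.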
The .well-known folder must always remain in your public directory. Moving it to a different location can prevent successful SSL validation via the HTTP method. Therefore, it is recommended to keep the .well-known folder in its original location.
Should I remove the .well-known folder?
No, the .well-known folder should not be removed. It is required each time you renew your SSL certificate. The Certification Authority (CA) needs to verify your ownership of the domain name, and the presence of the .well-known folder is part of this verification process.
Conclusion
The process of HTTP/HTTPS validation for obtaining an SSL certificate is relatively straightforward. By following the steps outlined above, you should be able to obtain your SSL certificate quickly. Understanding the purpose of the .well-known folder and knowing how to create it on different servers will make the certificate renewal or acquisition process more efficient. After this, you need to follow SSL Certificate Installation Steps, Binding SSL Certificate Steps, and HTTP to HTTPS Redirection Steps for the completion of the SSL installation process without the control panel on the Windows server.