certbot / certbot

Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.

Renew certificates under CDN (AWS Cloudfront)

alessiopavan opened this issue · comments

Hi everyone,
I'm facing an issue on certs renewal.
My webserver is hosted in an EC2 instance and it sends content to a CloudFront distribution (that allows both port 80 and 443 traffic) for each web request. I connected to a distribution function role to redirect users to the correct subdomain based on geolocation, e.g.:
US -> us.website.it
UK -> uk.website.it
..and so on.

How can I exclude the certbot renew HTTP request so that it passes without being affected by my georedirect function? Can I exclude the HTTP request in some way? Can I check a cookie, certain request header values, or other request parameters?

Many thanks to support.
Alessio.

Hi,

I suggest posting this question on https://community.letsencrypt.org/, where there is likely to be somebody who knows about configuring Cloudfront to exclude the /.well-known/acme-challenge/ requests.
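
One way to exclude the `/.well-known/acme-challenge/` requests from a geo-redirect, as an added example that is not part of the original thread or of certbot: a CloudFront Functions viewer-request handler that returns challenge requests unchanged before the redirect logic runs. The country map, the hostnames (taken from the pattern in the question) and the availability of the `CloudFront-Viewer-Country` header to the function are assumptions.

```javascript
// Added example: CloudFront Functions viewer-request handler (assumed setup).
// Assumption: the CloudFront-Viewer-Country header is made available to the
// function; hostnames follow the <cc>.website.it pattern from the question.
var ACME_PREFIX = '/.well-known/acme-challenge/';

// Constructed country -> host map. CloudFront reports ISO 3166-1 alpha-2
// codes, so the United Kingdom arrives as "GB".
var COUNTRY_HOSTS = { US: 'us.website.it', GB: 'uk.website.it' };

function isAcmeChallenge(uri) {
    // Accept only <prefix><token>, where the token uses the base64url
    // alphabet. Rejecting "/" and "." keeps the bypass from being widened
    // with extra path segments or "../" traversal.
    if (uri.indexOf(ACME_PREFIX) !== 0) return false;
    var token = uri.slice(ACME_PREFIX.length);
    return /^[A-Za-z0-9_-]+$/.test(token);
}

function handler(event) {
    var request = event.request;

    // ACME HTTP-01 validation: forward untouched so the origin can answer.
    if (isAcmeChallenge(request.uri)) return request;

    var hostHeader = request.headers.host;
    var countryHeader = request.headers['cloudfront-viewer-country'];
    var host = hostHeader ? hostHeader.value : '';
    var target = countryHeader ? COUNTRY_HOSTS[countryHeader.value] : undefined;

    // Unknown country, or the viewer is already on the right host.
    if (!target || target === host) return request;

    // Redirect target is built from the fixed map only, never from request
    // input, so the function cannot be used as an open redirect.
    // The query string is not carried over in this example.
    return {
        statusCode: 302,
        statusDescription: 'Found',
        headers: { location: { value: 'https://' + target + request.uri } }
    };
}
```

The origin still has to serve the challenge files over plain HTTP on port 80 for the exclusion to help.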