422 in .well-known/acme-challenge when attempting to renew a cert

Hey folks! I’m looking to renew a cert using Letsencrypt Certbot for a vaultwarden instance I’m running. I’m encountering an issue with loading up the file placed in .well-known/acme-challenge - currently it results in a “422 Unprocessable Entity” error.

Poking around a little further, placing a dummy test file in .well-known/acme-challenge and attempting to load it up in a browser also results in the same error, as it does when placed in any URI that includes a period (like xxx.xxx.xxx/.test/test.html), but it DOES load up fine as long as the URI doesn’t include a period (like xxx.xxx.xxx/test/test.html)

I’m using lighttpd to do both my port redirection and https redirection, and I think I’ve ruled it out as the culprit (switching off https redirection entirely didn’t help, and I don’t think there are any lighttpd configurations set up that should affect this). I’m left thinking it’s something that Rocket is doing, but I’m not sure where to look.

Let me know if any additional context would help - thank you in advance!

Vaultwarden version:


Web server:

lighttpd/1.4.69 (ssl)

Operating system:

DietPi v8.25.1

Certbot version:

certbot 2.1.0

Hey folks! Bumping as I’m unfortunately still in the same boat as before. Any guidance would be appreciated!

Why? It should be the reverse proxy’s job to make sure there’s an exception for the route. Vaultwarden/Rocket has nothing to do with it.

Cf. https://redmine.lighttpd.net/projects/lighttpd/wiki/HowToSimpleSSL#Lets-Encrypt-bootstrap-using-HTTP-01-verification-challenge-and-certbot
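The route exception described in the reply above, sketched as a lighttpd configuration. This is an added example, not part of any post in this thread and not copied from the linked wiki page. The backend address `127.0.0.1:8000`, the webroot `/var/www/acme` and the module list are assumptions to adapt to the actual setup.

```lighttpd
# Added example. Assumed values (not from the thread):
#   Vaultwarden backend: 127.0.0.1:8000
#   challenge webroot:   /var/www/acme
# Skip any module your distribution's config already loads.
server.modules += ( "mod_alias", "mod_redirect", "mod_proxy" )

# Answer HTTP-01 challenge requests from local disk. Only this one
# directory is mapped, so no other dot-directory becomes reachable.
alias.url += (
    "/.well-known/acme-challenge/" => "/var/www/acme/.well-known/acme-challenge/"
)

# Redirect plain HTTP to HTTPS, except for the challenge path, so the
# token is answered directly on port 80.
$HTTP["scheme"] == "http" {
    $HTTP["url"] !~ "^/\.well-known/acme-challenge/" {
        url.redirect = ( "" => "https://${url.authority}${url.path}${qsa}" )
    }
}

# Forward everything else to Vaultwarden. The challenge path is left
# out of the proxy rule, so those requests never reach Rocket.
$HTTP["url"] !~ "^/\.well-known/acme-challenge/" {
    proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => 8000 ) ) )
}
```

Validate the file with `lighttpd -tt -f /etc/lighttpd/lighttpd.conf` before reloading, then point certbot at the same directory, for example `certbot certonly --webroot -w /var/www/acme -d <your-domain>`.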