Configuring Apache for DCV validation via TBSCertBot

In order to enable Domain Control Validation (DCV) when issuing certificates, Apache must expose the DCV directory used by TBSCertBot via the standard URL /.well-known/pki-validation/.

This configuration allows the certification authority to access the validation files generated by TBSCertBot.

Principle

TBSCertBot generates the validation files in the local directory:

/usr/local/TBSCertBot/data/dcv/

Apache must map this directory to the public path:

/.well-known/pki-validation/

Apache configuration

Create or modify the following file:

/etc/apache2/conf.d/dcv.conf

File content:

Alias /.well-known/pki-validation/ /usr/local/TBSCertBot/data/dcv/

<Directory /usr/local/tbscertbot/data/dcv >
        Options -Indexes +FollowSymLinks
        AllowOverride None

        <IfVersion >= 2.4>
                Require all granted
        </IfVersion>

        <IfVersion < 2.4>
                Order allow,deny
                Allow from all
        </IfVersion>
</Directory>

This configuration ensures maximum compatibility depending on the version of Apache used.

Useful links

Setting up hook for DCV HTTP/HTTPS in TBSCertBot

Anonymous [ settings | log in ]

Last edited on 01/30/2026 13:38:52 --- [search]