sympl-ssl fails to override ssl-only config for a site during ACME HTTP-01 challenge verification
Summary
sympl-ssl will fail to obtain/renew certificates for a site which has had the ssl-only config option enabled.
I understand it is meant to override this during HTTP-01 challenge verification; this doesn't seem to work.
Steps to reproduce
- Automatically install Sympl on Debian 10.
sympl web create example.com
touch /srv/example.com/config/ssl-only
sudo sympl-web-reconfigure example.com
sudo sympl-ssl --verbose example.com
What is the current bug behavior?
Let's Encrypt is unable to verify the HTTP-01 challenge, as the forced HTTPS redirection is not disabled during the certificate renewal process (or at least overriden for .well-known/acme-challenge/*)
What is the expected correct behavior?
Acme challenge verification succeeds, as http://example.com/.well-known/acme-challenge/* does not engage the HTTPS direct configured by ssl-only, during the verification process.
/cc @kelduum