CertMgr_MaxRedirHTTPChallenge

Parameter: CertMgr_MaxRedirHTTPChallenge
Short description: Maximum allowed HTTP redirects during the Let's Encrypt HTTP-01 challenge by CertMgr.

Profile

Parameter: CertMgr_MaxRedirHTTPChallenge
Category: Security / TLS
Component: Server
Available since: 12.0.1
Supported versions: 12.0, 14.0, 14.5, 14.5.1
GUI equivalent: notes.ini only (no GUI)
Possible values: Integer (0 = no redirects allowed; typical values 0–5)

Description

During the ACME HTTP-01 challenge, Let's Encrypt requests the file /.well-known/acme-challenge/<token> over HTTP. If an HTTP 301/302 redirect sits in front of the hostname (e.g. a forced HTTPS redirect), CertMgr_MaxRedirHTTPChallenge defines how many redirects CertMgr follows during its self-check.
If the value is too low, the self-check fails even though the challenge file itself would be retrievable; if it is too high, redirect loops cannot be detected.

Example configuration

CertMgr_MaxRedirHTTPChallenge=3

Notes & pitfalls

  • Default value 0 – no redirects allowed (safest option).
  • With an upstream HTTPS redirect, typically 1 or 2.
  • Complements CertMgr_NoVerifyHTTPChallenge (skip self-check entirely).
  • Only relevant for ACME/Let's Encrypt workflows.
  • The change takes effect after a restart of certmgr.
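
The capped redirect following described above, as an added example that is not CertMgr's own code: a small Python tracer that reports how many redirects sit in front of a challenge URL, so the parameter can be set to the smallest value that passes. The hosts, token and SAMPLE responses are constructed, and the loop check via visited URLs is an assumption of this sketch, not documented CertMgr behaviour.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def http_fetch(url):
    """One GET without following redirects; returns (status, Location or None)."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.netloc, timeout=10)
    try:
        conn.request("GET", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_redirects(url, max_redirects, fetch=http_fetch):
    """Follow redirects up to max_redirects; returns (result, redirects_followed).
    result is "ok", "limit" (cap too low), "loop", or "http <status>"."""
    seen = [url]
    while True:
        status, location = fetch(url)
        if status not in REDIRECTS or not location:
            return ("ok" if status == 200 else f"http {status}"), len(seen) - 1
        nxt = urljoin(url, location)  # Location may be relative
        if nxt in seen:               # already visited: raising the cap will not help
            return "loop", len(seen) - 1
        if len(seen) - 1 >= max_redirects:
            return "limit", len(seen) - 1
        seen.append(nxt)
        url = nxt

# Constructed sample (hypothetical hosts and token): forced HTTPS, then a www redirect.
PATH = "/.well-known/acme-challenge/sample-token"
SAMPLE = {
    "http://example.test" + PATH: (301, "https://example.test" + PATH),
    "https://example.test" + PATH: (302, "https://www.example.test" + PATH),
    "https://www.example.test" + PATH: (200, None),
}

if __name__ == "__main__":
    start = "http://example.test" + PATH
    for cap in range(4):  # try CertMgr_MaxRedirHTTPChallenge = 0..3 against the sample
        print(cap, trace_redirects(start, cap, SAMPLE.get))
```

Against a real host, call trace_redirects(url, 5) with the default fetcher; a result of "ok" with N redirects followed means N is the smallest setting that lets the self-check reach the file.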