2 files changed, 20 insertions, 2 deletions

diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 537cd52a1..1f485a881 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -145,7 +145,7 @@ class HTTPSig {
 
 
 
-	static function create_sig($request,$head,$prvkey,$keyid = 'Key',$send_headers = false,$alg = 'sha256') {
+	static function create_sig($request,$head,$prvkey,$keyid = 'Key',$send_headers = false,$auth = false,$alg = 'sha256') {
 
 		$return_headers = [];
 
@@ -155,8 +155,14 @@ class HTTPSig {
 
 		$x = self::sign($request,$head,$prvkey,$alg);			
 
-		$sighead = 'Signature: keyId="' . $keyid . '",algorithm="' . $algorithm
+		if($auth) {
+			$sighead = 'Authorization: Signature keyId="' . $keyid . '",algorithm="' . $algorithm
 			. '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
+		}
+		else {
+			$sighead = 'Signature: keyId="' . $keyid . '",algorithm="' . $algorithm
+			. '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
+		}
 
 		if($head) {
 			foreach($head as $k => $v) {
diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php
index 3190369c8..710aa2844 100644
--- a/Zotlabs/Web/Router.php
+++ b/Zotlabs/Web/Router.php
@@ -119,6 +119,18 @@ class Router {
 
 			if(! (\App::$module_loaded)) {
 
+				// undo the setting of a letsencrypt acme-challenge rewrite rule
+				// which blocks access to our .well-known routes.
+				// Also provide a config setting for sites that have a legitimate need
+				// for a custom .htaccess in the .well-known directory; but they should
+				// make the file read-only so letsencrypt doesn't modify it
+
+				if(strpos($_SERVER['REQUEST_URI'],'/.well-known/') === 0) {
+					if(file_exists('.well-known/.htaccess') && get_config('system','fix_apache_acme',true)) {
+						rename('.well-known/.htaccess','.well-known/.htaccess.old');
+					}
+				}
+
 				$x = [ 
 					'module' => $module, 
 					'installed' => \App::$module_loaded,