Are you saying that the /.well-known URL has to be exempt from redirection? If so, it's easiest (for you, if not for the server) to put that RewriteCond first:

RewriteCond %{REQUEST_URI} !^\.well-known
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com$
RewriteRule (.*) https://www.example.com/$1 [R=301,L]

This goes after all other redirects in htaccess.
-- The NE flag is not needed, though it is not harmful.
-- It is never necessary to escape / slashes in mod_rewrite.
-- Express the hostname as a negative: “anything except this one canonical form”.
Aside: In some situations you need to say
!^(www\.example\.com)?$
in case the request does not contain a Host: header. But this cannot occur on servers that carry multiple hostnames--the request simply won't reach your htaccess file--so that's a savings of three bytes.

If you have multiple sites passing through the same htaccess, it gets messier. You should bend over backwards to avoid using mod_rewrite in more than one htaccess along the same path; there is almost always an alternative. Let each site have its own htaccess with its own RewriteRules. If the server uses the “primary/addon” structure (as opposed to the “userspace” structure) we’ll work it out.

Hello and thank you for your very helpful response. Yes, my hosting provider told me the following before I put in the well-known line:

'The problem is caused by your .htaccess file getting in the way of the authentication process....which has the additional line to not force https if the request is to the /.well-known folder, as this is how the SSL process verifies the link from the server to the domain name.'

The Common Name on the certificate is just example.co.uk, no www prefix if that makes a difference. There is only one .htaccess file for each site, they are all on their own separate webspace. I presume the server has multiple names on it.

So, in your file if I substitute the real domain name for 'example', this should all work?

I'm guessing the first line will be RewriteEngine On?

My advice is to leave the \.well-known file alone. Leave it out of your redirect code. The key installer will find it if you don't confuse it.

Thank you. However, not having it in is what is causing the renewal problem.

You misunderstood.

Just upload it to the base directory and leave it alone. Don't include it in your redirect code. That's what is causing the problem.

The certificate key installer is programmed to look for the well-known file and overwrite the key with the new one each renewal.

It will find it if you don't confuse it.

I see. I don't have anything to do with the 'well-known' folder, I don't touch it. It is put in place by the hosting company.

Yes, but you are "touching it" when, according to your original post, you include it in the middle of that redirect.

I would remove this line completely:

RewriteCond %{REQUEST_URI} !\/\.well-known\/

Then add this line somewhere above that rewrite:

RewriteRule ^.well-known/(.*)$ - [L]

Similar to what lucy24 suggested, only independent of the redirect. This way the key installer won't get confused where the file is located... but if lucy24's code is doing the job, use that :)

I'm guessing the first line will be RewriteEngine On?

If you haven't already turned it on. You only need to do this once.

according to your original post, you include it in the middle of that redirect.

I would remove this line completely:

RewriteCond %{REQUEST_URI} !\/\.well-known\/

this line excludes that path from the redirect.
(although i would use the ruleset suggested by lucy24)

Apologies for the delay in replying. Thank you all for your input. My original .htaccess file (without any mention of the well-known) did what I wanted which was to force both www and https. However, that was the reason for my post as it interfered with certificate renewal each three month cycle which wasn't good from the clients viewpoint - expired certificates aren't a good look.

So to recap and one final question, if I use the file kindly supplied by Lucy do I replace the example with the real domain name?

Thank you again for all your help and input.

“example.com” is used in these forums for two reasons: because you're not allowed to name your own site, and because it doesn't auto-link. The latter is especially important here in the Apache subforum (and also, I guess, the one for IIS) so code remains readable.

I'm guessing the first line will be RewriteEngine On?

Someone hereabouts got brave and experimented. The line has to occur once in any htaccess file that uses mod_rewrite--but it doesn't matter if it comes first, last or in the middle. It may even occur twice if you have CMS boilerplate supplemented by your own rules. But in practice it makes most sense to put it immediately before your RewriteRule section, because that's where a human would expect to see it.

I will use the file you kindly provided for all my affected websites. Thank you again for all your help, very much appreciated.

One last question, just to clarify when using the file do I actually use URL or URI in the lines? The first edit by phranque left me confused. Thanks again.

this line excludes that path from the redirect.

I'm aware of that... however it may have been the cause of the key installer getting lost. I work with these all the time. Best to keep the location of well-known independent of any rewrites. As the OP just said, when he went back to using an old copy of htaccess *without* that line, the installer was able to do its job. There's absolutely no reason for that file path to be included in the redirect, with or without the exemption. There are no browsers that will request it.

One last question, just to clarify when using the file I actually use URL or URI in the lines?

@vSkyeman - use the URI as exemplified.

Thank you.

The first edit by phranque left me confused.

There should be no reason for your confusion - i simply unlinked the URL on this line and otherwise left it as you posted it:

RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]

Hello Phranque, sorry - no criticism intended. I thought the original code had URL in it, it was actually URI when I looked back at the code supplied by my hosting provider. The confusion arose when I looked up URI and found that both can be used.

Apologies again, despite many years experience in web design .htaccess coding has always been unknown territory to me as I haven't needed to use it until recently.