Enable ActivityPub Plugin on Bitnami WordPress instance with LetsEncrypt

The ActivityPub plugin is a very cool addition to WordPress. With this plugin installed, users of Mastodon and other federated platforms that support ActivityPub can follow your blog as if it were another instance on the Fediverse.

Unfortunately, if you run a Bitnami instance of WordPress (for example, one provided by AWS LightSail) with the LetsEncrypt service providing a TLS certificate for your site, you may encounter an incompatibility issue. LetsEncrypt uses the /.well-known/acme-challenge path on your site for certificate validation, while the ActivityPub plugin uses the /.well-known/webfinger path to return relevant profile information. The two conflict, and the WebFinger path returns “404 – not found”.

Fortunately, there is an easy fix. SSH to your server, locate the file /opt/bitnami/apps/letsencrypt/conf/httpd-app.conf, and add the highlighted lines (the block from RewriteEngine through RewriteRule) to it:

<Directory "/opt/bitnami/apps/letsencrypt/.well-known">
    Options +MultiViews
    AllowOverride None
    <IfVersion < 2.3 >
        Order allow,deny
        Allow from all
    </IfVersion>
    <IfVersion >= 2.3>
        Require all granted
    </IfVersion>
	
    RewriteEngine On
    RewriteBase /.well-known/
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ /index.php?well_known_path=$1 [QSA,L]
	
</Directory>

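The rewrite rules pass any /.well-known/ request that does not match an existing file or directory to WordPress's index.php, so LetsEncrypt challenge files that exist on disk are still served directly. After that, WebFinger starts returning correct profile information, and your site can be found on the Fediverse.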
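To confirm the fix, the following added example (not part of the original post) checks that a WebFinger response is a usable JRD for ActivityPub discovery. The host `example.com`, the account `blog` and the sample body are constructed placeholders.

```python
import json
import sys
import urllib.error
import urllib.parse
import urllib.request

# Constructed sample of a healthy response body (not taken from a real site).
GOOD_BODY = ('{"subject":"acct:blog@example.com","links":[{"rel":"self",'
             '"type":"application/activity+json","href":"https://example.com/author/blog/"}]}')

def webfinger_url(host, account):
    """Build the WebFinger query URL (RFC 7033) for acct:<account>@<host>."""
    query = urllib.parse.urlencode({"resource": f"acct:{account}@{host}"})
    return f"https://{host}/.well-known/webfinger?{query}"

def check_jrd(status, content_type, body):
    """Return a list of problems with a WebFinger response; empty means OK."""
    if status != 200:
        # A 404 here is the symptom of /.well-known/ never reaching WordPress.
        return [f"HTTP status {status}, expected 200"]
    problems = []
    media_type = content_type.split(";")[0].strip().lower()
    if media_type != "application/jrd+json":
        problems.append(f"Content-Type is {media_type!r}, expected 'application/jrd+json'")
    try:
        jrd = json.loads(body)
    except ValueError:
        return problems + ["body is not valid JSON"]
    if not isinstance(jrd, dict) or "subject" not in jrd:
        return problems + ["JRD has no 'subject'"]
    links = [l for l in jrd.get("links", []) if isinstance(l, dict)]
    # Fediverse servers follow the rel=self link to fetch the ActivityPub actor.
    if not any(l.get("rel") == "self" and l.get("type") == "application/activity+json"
               for l in links):
        problems.append("no rel=self link of type application/activity+json")
    return problems

def fetch(url):
    """Live check: GET the URL and return (status, content_type, body)."""
    req = urllib.request.Request(url, headers={"Accept": "application/jrd+json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Content-Type", ""), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Content-Type", ""), ""

if __name__ == "__main__":  # usage: python check_webfinger.py <host> <account>
    print(check_jrd(*fetch(webfinger_url(sys.argv[1], sys.argv[2]))) or "WebFinger OK")
```

Run it before and after editing httpd-app.conf: a 404 should turn into an empty problem list once the rewrite rules are active.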

One reply

  1. Pablo Silva says:

    Hi there – just stumbled across your post. Thanks for documenting this issue here! I’ve included the suggested rules and I can now successfully serve the document (as opposed to a 404), but it’s still not working:

    wordpress health check:

    WebFinger endpoint is not accessible
    Your WebFinger endpoint https://www.silvasonic.com/.well-known/webfinger?resource=acct:Silvasonic@www.silvasonic.com does not return valid JSON for application/jrd+json.

    The above URL returns:

    {"subject":"Silvasonic@www.silvasonic.com","aliases":["https:\/\/www.silvasonic.com\/author\/silvasonic\/"],"links":[{"rel":"self","type":"application\/activity+json","href":"https:\/\/www.silvasonic.com\/author\/silvasonic\/"},{"rel":"http:\/\/webfinger.net\/rel\/profile-page","type":"text\/html","href":"https:\/\/www.silvasonic.com\/author\/silvasonic\/"}]}

    But the WebFinger look up says:

    Request Log
    19:44:15 Looking up WebFinger data for https://www.silvasonic.com/.well-known/webfinger?resource=acct:Silvasonic@www.silvasonic.com
    19:44:15 GET https://www.silvasonic.com/.well-known/webfinger?resource=https%3A%2F%2Fwww.silvasonic.com%2F.well-known%2Fwebfinger%3Fresource%3Dacct%3ASilvasonic%40www.silvasonic.com
    19:44:16 Error getting JRD: 400 Bad Request

    JSON Resource Descriptor (JRD)
    null

    Do you know what’s going on by any chance? Thanks for your help!
