What is .well-known?

Corey Seymour
Published: 12 April 2024Last updated: 17 April 2024

The .well-known URI prefix is a path prefix for "well-known locations" on web servers. This is a directory that is created within the document root of your website so the format looks like this: https://example.com/.well-known/

It's intended purpose is for hosting metadata and other information that can be used by applications to discover policy or configuration data for a website or web service. This is only required by certain services - so only needed in some circumstances. Some common uses of the .well-known URI include:

  • /.well-known/acme-challenge/: This is often used by the Automated Certificate Management Environment (ACME) protocol, which lets websites automatically obtain secure certificates and you’ll often see this used by services like Let’s Encrypt for SSL/TLS certification.
  • /.well-known/pki-validation/: This is often used for HTTP-based validation to validate a domain. Mostly used by providers offering SSL certificates, they will give a TXT file that will need to be uploaded to this location so they can authenticate an SSL order.
  • /.well-known/security.txt: This is a method for webmasters to define security policies for their website by including information such as an email address to contact for any security issues. This can help improve security by making it easier for individuals to report issues regarding the website.

Overall, the .well-known directory provides a standardized way for web applications to expose certain types of metadata or resources which simplifies integration with other services and protocols.