From 7516fbcf3774672f4ccb988833e286ea070f7084 Mon Sep 17 00:00:00 2001
From: Andrea Cocito <39852324+puffetto@users.noreply.github.com>
Date: Tue, 16 May 2023 14:27:49 +0200
Subject: [PATCH] =?UTF-8?q?Have=20HAProxy=20do=20some=20minimal=20validati?=
 =?UTF-8?q?on=20on=20the=20challenge=20(see=20end=20of=20=C2=A78.3=20in=20?=
 =?UTF-8?q?RFC8555).?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Stateless-Mode.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Stateless-Mode.md b/Stateless-Mode.md
index edc5eb8..40fd429 100644
--- a/Stateless-Mode.md
+++ b/Stateless-Mode.md
@@ -85,7 +85,7 @@ Configure your webserver to respond statelessly to challenges for a given accoun
         mode  http
         bind :80
         bind :443 ssl crt /etc/haproxy/certs/
-        http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' }
+        http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_reg '^/.well-known/acme-challenge/[-_a-zA-Z0-9]+$' }
     ```
 3. Ok, you can issue cert now.
   ```