Elgg 2.2 might not yet have it in the .htaccess but the latest Elgg 2.3 version has a rewrite rule in its .htaccess to allow for access to the folder where the SSL certificate is saved. See https://github.com/Elgg/Elgg/blob/2.3/install/config/htaccess.dist#L137. The ".well-known" folder name is used by Letsencrypt SSL certification. But it should be no problem to adjust the folder name in the rewrite rule if necessary. On the other hand, ".well-known" as folder name is even kind of a standard. In any case I would use a subfolder for the SSL stuff and not save it directly in the root folder.
In .htaccess, I added...
# explicity allow access for the .well-known directory
RewriteRule "^.well-known/" - [L]
Just before...
# hide all dot files/dirs (.git)
RewriteRule (^\.|/\.) - [F]
And it worked a treat, just as iionly said it would.
Thanks
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.