🔒 Fix Let's Encrypt ACME challenge for SSL certificates

- Add .well-known/ path exclusion in proxy_handler
- Prevent quoter from intercepting ACME challenge requests
- Fix CI/CD build without sudo access
- Add comprehensive SSL troubleshooting documentation

Resolves: SSL certificate generation failure for files.dscrs.site

src/handlers/proxy.rs

@@ -28,6 +28,12 @@ pub async fn proxy_handler(
     let start_time = std::time::Instant::now();
     info!("GET {} [START]", requested_res);
 
+    // Возвращаем 404 для .well-known путей (для Let's Encrypt ACME)
+    if requested_res.starts_with(".well-known/") {
+        warn!("ACME challenge path requested: {}", requested_res);
+        return Err(ErrorNotFound("Not found"));
+    }
+
     let normalized_path = if requested_res.ends_with("/webp") {
         info!("Converting to WebP format: {}", requested_res);
         requested_res.replace("/webp", "")

src/main.rs

@@ -68,6 +68,13 @@ async fn main() -> std::io::Result<()> {
             .route("/quota", web::get().to(get_quota_handler))
             .route("/quota/increase", web::post().to(increase_quota_handler))
             .route("/quota/set", web::post().to(set_quota_handler))
+            .service(
+                web::scope("/.well-known")
+                    .service(
+                        actix_files::Files::new("/", "/tmp/.well-known")
+                            .show_files_listing()
+                    )
+            )
             .route("/{path:.*}", web::get().to(proxy_handler))
     })
     .bind(addr)?