Hi,

I came across the folllowing redirect match for Apache on the following site: https://www.hyperborea.org/journal/2...-lets-encrypt/

If I'm not mistaken, this is a negative lookahead regex, right? The question is, why would someone need something so complex in this case?
Or wouldn't it work otherwise with a RedirectMatch?

I am not sure why you think it is "so complex"...?

It simply says: Serve requests for anything below /.well-known/acme-challenge/ from this host, redirect everything else to https://example.com/

Assuming the host where this is located is the http://example.com host, this would allow LetsEncrypt authentication requests to be served here as required while redirecting everything else to the secure host.

As to why they did it this way rather than another, you would have to ask them (I have not visited the link), but probably because it is so simple.

Well, it's not so complex after all, but I guess you'd use lookahead and lookbehind regex in particular situations, and that is to say, when you try to match only a certain regex, and NOT the regex that it is bordering with. So you'd use it as a border.
Wheras in this situation, I'd have simply used a NOT match for the whole expression. This is saying match only ^ and whatever follows it with the exception of /.well-known/acme-challenge, but in this case I don't see any use in separating ^ from the rest. You'd normally use a ! for the whole thing, I guess.

Except that the mod_alias RedirectMatch directive does not support negated matches (with a ! prefix), so if you want to express a regex that does not match you need to use a negative lookahead.

To use the negated regex (!) prefix you need to use the (marginally more expensive) mod_rewrite RewriteRule (and/or RewriteCond) directive.