Trying to get Let's Encrypt set up using the webroot method, which creates and needs to access files in the ./.well-known/acme-challenge/ directory. Everything there (including the manual test file I added) shows up as 404.
Going kind of crazy as I've tried variants of:
    location ~ /.well-known {
        allow all;
    }
    location /.well-known/acme-challenge {
        default_type text/plain;
    }
    location /.well-known {
        try_files $uri $uri/ =404;
    }
with no luck. I've also checked permissions on the folders and even set to 777. I'm pretty new to setting up nginx config so I'm sure there's an existing condition that's throwing it off:
    server {
        listen 80;
        server_name domain.com www.domain.com;
        location / {
            rewrite ^(.*)$ https://domain.com$1 permanent;
        }
        location ~ /.well-known {
            allow all;
        }
    }
    server {
        listen 0.0.0.0:443 ssl;
        root /var/www/domain.com/public_html;
        index index.php index.html index.htm;
        server_name domain.com www.domain.com;
        ssl on;
        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
        location / {
            try_files $uri $uri/ /index.php?$args;
        }
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
            client_max_body_size 32m;
        }
        location ~ /.well-known {
            allow all;
        }
    }
As Richard Smith said, a root directive is needed. It can go in the server block or the location block.
Note, even if root is in the location block, the path should not contain "/.well-known".
    location ~ /.well-known {
        allow all;
        root /var/www/domain.com/public_html;
        # NOT
        # root /var/www/domain.com/public_html/.well-known;
    }
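The same fix applied to the port 80 server block from the question, as an added example that is not part of the original answer. HTTP-01 validation requests start on port 80, and that block has no root of its own. The example assumes the webroot given to the ACME client is /var/www/domain.com/public_html; the narrower location match is a choice made here, not something the answer prescribes.

```nginx
# Added example. domain.com and the webroot path are taken from the question.
server {
    listen 80;
    server_name domain.com www.domain.com;

    # "^~" is a prefix match that stops nginx from evaluating regex locations
    # for these URIs. Matching the full challenge path exposes only that
    # directory; the unanchored regex "~ /.well-known" matches anywhere in a URI.
    location ^~ /.well-known/acme-challenge/ {
        # File served = root + URI, i.e.
        # /var/www/domain.com/public_html/.well-known/acme-challenge/<token>
        root /var/www/domain.com/public_html;
        default_type text/plain;
        try_files $uri =404;
    }

    # Everything else is still redirected to HTTPS.
    location / {
        return 301 https://domain.com$request_uri;
    }
}
```

Run `nginx -t` before reloading, then request the manual test file over plain HTTP to confirm it no longer returns 404.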