Configure Nginx to reply to http://my-domain.com/.well-known/acme-challenge/XXXX

martins · Sep 16, 2017 · Viewed 16.5k times

I'm not able to get nginx to return the files I've put in /var/www/letsencrypt.

nginx/sites-available/mydomain.conf

server {
  listen 80 default_server;
  listen [::]:80 default_server ipv6only=on;
  server_name my-real-domain.com;

  include /etc/nginx/snippets/letsencrypt.conf;

  root /var/www/mydomain;
  index index.html;
  location / {
    try_files $uri $uri/ =404;
  }
}

nginx/snippets/letsencrypt.conf

location ^~ /.well-known/acme-challenge/ {
  default_type "text/plain";
  root /var/www/letsencrypt;
}

I run this command: certbot certonly --webroot -w /var/www/letsencrypt/ -d my-real-domain.com

But the page that certbot tries to access is always a 404.

DEBUGGING

$ echo hi > /var/www/letsencrypt/hi
$ chmod 644 /var/www/letsencrypt/hi

Now I should be able to curl localhost/.well-known/acme-challenge/hi, but that does not work. Still 404. Any idea what I'm missing?

Answer

bukkojot · Sep 16, 2017

The option root /var/www/letsencrypt/; tells nginx "this is the base directory", so the final path will be /var/www/letsencrypt/.well-known/acme-challenge/.

So, you have 2 options:

  1. Change your path, for example to

    $ echo hi > /var/www/letsencrypt/.well-known/acme-challenge/hi
    
  2. Change the behavior of nginx so that it treats the directory as an alias:

    location ^~ /.well-known/acme-challenge/ {
      default_type "text/plain";
      # strip the location prefix: /.well-known/acme-challenge/hi becomes /hi ...
      rewrite /.well-known/acme-challenge/(.*) /$1 break;
      # ... which root then maps to /var/www/letsencrypt/hi
      root /var/www/letsencrypt;
    }
    

And don't forget to run killall -1 nginx to reload the config.
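The answer's option 1 boils down to a path-mapping rule: with `root` inside the location, nginx keeps the full URI, so the token has to sit at WEBROOT/.well-known/acme-challenge/TOKEN and certbot's `-w` directory must be that WEBROOT. The script below is an added example, not code from the question or the answer; it places a token where nginx will look for it, checks the permissions the unprivileged nginx worker needs, and (when nginx is running) fetches the token over port 80 the way the HTTP-01 validation request arrives. The function names, and the WEBROOT, token `hi` and body `hi` used in the usage lines, are this example's own constructed values.

```sh
#!/bin/sh
# Added example (not from the original post). Mirrors the answer's option 1:
# `root WEBROOT;` inside `location ^~ /.well-known/acme-challenge/` makes nginx
# serve WEBROOT/.well-known/acme-challenge/TOKEN, so that is where the token
# must be written. Function names and sample values are this example's own.

ACME_DIR=".well-known/acme-challenge"

# Filesystem path nginx resolves for http://HOST/.well-known/acme-challenge/TOKEN
# when the location uses `root WEBROOT` (root keeps the full URI; alias would not).
acme_token_path() {
    printf '%s/%s/%s\n' "$1" "$ACME_DIR" "$2"
}

# Create TOKEN with CONTENT under WEBROOT the way certbot --webroot does, and make
# the directories and file reachable by the unprivileged nginx worker (e.g. www-data).
acme_place_token() {
    webroot=$1 token=$2 content=$3
    mkdir -p "$webroot/$ACME_DIR"
    chmod 755 "$webroot/.well-known" "$webroot/$ACME_DIR"
    printf '%s' "$content" > "$webroot/$ACME_DIR/$token"
    chmod 644 "$webroot/$ACME_DIR/$token"
}

# Local check before involving the CA: the token must be a file readable by
# "other", and WEBROOT and every directory below it must be searchable by "other".
# Directories above WEBROOT are not checked here. Returns 0 when all is well,
# 1 otherwise; problems are reported on stderr.
acme_check_local() {
    webroot=$1 token=$2 rc=0
    file=$(acme_token_path "$webroot" "$token")
    if [ -z "$(find "$file" -prune -type f -perm -004 2>/dev/null)" ]; then
        echo "not a world-readable file: $file" >&2; rc=1
    fi
    for d in "$webroot" "$webroot/.well-known" "$webroot/$ACME_DIR"; do
        if [ -z "$(find "$d" -prune -type d -perm -001 2>/dev/null)" ]; then
            echo "directory not searchable by others: $d" >&2; rc=1
        fi
    done
    return $rc
}

# Fetch the token over plain HTTP on port 80, as the HTTP-01 validator does, and
# compare the body. Needs a running nginx, so it is not exercised offline.
acme_check_http() {
    host=$1 token=$2 expected=$3
    body=$(curl -fsS "http://$host/$ACME_DIR/$token") || return 1
    [ "$body" = "$expected" ]
}

# Usage: place a token, verify locally, then (with nginx up) verify over HTTP:
#   acme_place_token /var/www/letsencrypt hi hi
#   acme_check_local /var/www/letsencrypt hi && acme_check_http localhost hi hi
```

Note that writing the token to WEBROOT/hi, as the question's debugging step did, fails `acme_check_local`, which is exactly the 404 the asker saw: nginx was looking under WEBROOT/.well-known/acme-challenge/. The answer's option 2 is what nginx's `alias` directive does natively, so `alias /var/www/letsencrypt/;` in the location is the one-line equivalent of the rewrite.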