Configure Nginx to reply to http://my-domain.com/.well-known/acme-challenge/XXXX

Question 1

Configure Nginx to reply to http://my-domain.com/.well-known/acme-challenge/XXXX

nginx lets-encrypt certbot

martins · Sep 16, 2017 · Viewed 16.5k times · Source

Answer

Answer

Option root /var/www/letsencrypt/; tells to nginx "this is base directory", so final path will be /var/www/letsencrypt/.well-known/acme-challenge/.

So, you have 2 options:

Change your path, for example to

$ echo hi > /var/www/letsencrypt/.well-known/acme-challenge/hi

Change behavior of nginx, so nginx will treat it as alias:

location ^~ /.well-known/acme-challenge/ {
  default_type "text/plain";
  rewrite /.well-known/acme-challenge/(.*) /$1 break;
  root /var/www/letsencrypt;
}

And don't forget make killall -1 nginx to reload config

Question 2

I'm not able to get nginx to return the files I've put in /var/www/letsencrypt.

nginx/sites-available/mydomain.conf

server {
  listen 80 default_server;
  listen [::]:80 default_server ipv6only=on;
  server_name my-real-domain.com;

  include /etc/nginx/snippets/letsencrypt.conf;

  root /var/www/mydomain;
  index index.html;
  location / {
    try_files $uri $uri/ =404;
  }
}

nginx/snippets/letsencrypt.conf

location ^~ /.well-known/acme-challenge/ {
  default_type "text/plain";
  root /var/www/letsencrypt;
}

I run this command: certbot certonly --webroot -w /var/www/letsencrypt/ -d my-real-domain.com

But the page that certbot tries to access is always an 404.

DEBUGGING

$ echo hi > /var/www/letsencrypt/hi
$ chmod 644 /var/www/letsencrypt/hi

Now I should be able to curl localhost/.well-known/acme-challenge/hi, but that does not work. Still 404. Any idea what I'm missing?

Configure Nginx to reply to http://my-domain.com/.well-known/acme-challenge/XXXX

Answer

Related questions