Nagarjuna

Reputation: 13

Letsencrypt Renewal + Nginx + owncloud config = failed because of regular expression

I am running an owncloud server with nginx on Debian 8. I use an SSL certificate for that domain from letsencrypt.

Now I want to use an autorenewal script that runs periodically and renews my certs. This works with all domains, except the owncloud one.

Actually there is one location block in the nginx owncloud config that prevents letsencrypt from entering the subfolder domain.org/.well-known/acme-challenge:

location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
  deny all;
}

By god, I am no expert in regular expressions and have no clue how to solve this (or what this expression actually means).

Below that block I included a location block for the letsencrypt renewal:

# Letsencrypt auto-renewal
location '/.well-known/acme-challenge' {
    default_type text/plain;
    root /var/www/;
    try_files $uri /$1;
}

I think I tried something like:

location ~ ^/(?:\.(?!well-known/acme-challenge)|autotest|occ|issue|indie|db_|console) {
  deny all;
}

...not knowing if this would affect the expression.

The only way for me is to comment out the "deny all". And it works. Actually I have in mind to extend the renewal script to stop the server, change the owncloud conf, restart the server again, fetch the new certs, stop the server again, change the owncloud conf back and restart the server...

But maybe it's simpler than that. And I may learn something more about regex...

Does anyone have a tip for me?

Upvotes: 1

Views: 1083

Answers (1)

Richard Smith

Reputation: 49682

The location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) denies access to any URI beginning with /. such as /.well-known.

Firstly, do you have any files and directories in the root which begin with a period (other than /.well-known)?


One option is to make the regex more specific, for example:

location ~ ^/(?:\.ht|autotest|occ|issue|indie|db_|console)

would deny access to any URI beginning with /.ht.


Another option is to make location '/.well-known/acme-challenge' take precedence by adding the ^~ modifier. See this document.

location ^~ /.well-known/acme-challenge

This would make the location take precedence over all regex locations. So if the location contained .php files, they may cease to work.


A final option would be to turn it into a regex location:

location ~ ^/\.well-known/acme-challenge

In which case it would have equal precedence and you could order it above the deny location.

Upvotes: 2
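The precedence rules the answer relies on, as an added example that is not part of the question or the answer: a small Python model of nginx's location selection (plain prefix vs. ^~ prefix vs. regex, with Python's re standing in for nginx's PCRE, which handles these patterns the same way) run over the patterns quoted above, including the questioner's own lookahead attempt. The helper name and the configuration lists are assumptions made for this example.

```python
import re

# Constructed configurations for the example; the patterns are the ones quoted
# in the question and the answer above.
DENY_RE = r"^/(?:\.|autotest|occ|issue|indie|db_|console)"
DENY_HT_RE = r"^/(?:\.ht|autotest|occ|issue|indie|db_|console)"
DENY_LOOKAHEAD_RE = r"^/(?:\.(?!well-known/acme-challenge)|autotest|occ|issue|indie|db_|console)"
ACME_PREFIX = "/.well-known/acme-challenge"
ACME_RE = r"^/\.well-known/acme-challenge"


def select_location(locations, uri):
    """Simplified nginx location selection (hypothetical helper, not nginx code).

    locations: list of (modifier, pattern, name) in config order, where
    modifier is "prefix" (no modifier), "^~" (priority prefix) or "~" (regex).
    Rules modelled: the longest matching prefix is remembered; if it was
    declared with ^~ it wins immediately; otherwise the first matching regex
    in config order wins; if no regex matches, the remembered prefix is used.
    Exact "=" matches, "~*" and nested locations are left out.
    """
    best = None
    for modifier, pattern, name in locations:
        if modifier in ("prefix", "^~") and uri.startswith(pattern):
            if best is None or len(pattern) > len(best[1]):
                best = (modifier, pattern, name)
    if best is not None and best[0] == "^~":
        return best[2]
    for modifier, pattern, name in locations:
        if modifier == "~" and re.search(pattern, uri):
            return name
    return best[2] if best is not None else None


# The questioner's layout: deny regex first, then an unmodified prefix location.
ORIGINAL = [("~", DENY_RE, "deny"), ("prefix", ACME_PREFIX, "acme")]
# The questioner's negative-lookahead attempt from the post.
LOOKAHEAD = [("~", DENY_LOOKAHEAD_RE, "deny"), ("prefix", ACME_PREFIX, "acme")]
# Answer option 1: narrow the regex so only /.ht* is denied.
NARROWED = [("~", DENY_HT_RE, "deny"), ("prefix", ACME_PREFIX, "acme")]
# Answer option 2: ^~ makes the prefix location beat every regex location.
PRIORITY = [("~", DENY_RE, "deny"), ("^~", ACME_PREFIX, "acme")]
# Answer option 3: a regex acme location ordered above the deny regex.
ORDERED = [("~", ACME_RE, "acme"), ("~", DENY_RE, "deny")]

if __name__ == "__main__":
    configs = [("original", ORIGINAL), ("lookahead", LOOKAHEAD), ("narrowed", NARROWED),
               ("priority", PRIORITY), ("ordered", ORDERED)]
    for label, cfg in configs:
        for uri in ("/.well-known/acme-challenge/token", "/.htaccess", "/occ"):
            print(f"{label:9} {uri:34} -> {select_location(cfg, uri)}")
```

Running it shows the original layout sending the ACME path to the deny block, while each of the three answer options (and the lookahead attempt) routes it to the acme location without opening /.htaccess or /occ.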
