Certbot: cannot config nginx to webroot

Question

I loosing all my hair now.

I'm trying to setup Certbot (letsencrypt) to my server. But I can't even make the url http://myapp.com/.well-known/acme-challenge/myfile available with:

namei -om /var/www/certbot/.well-known/acme-challenge/myfile 
f: /var/www/certbot/.well-known/acme-challenge/myfile
 drwxr-xr-x 1000 1000 /
 drwxr-xr-x root root var
 drwxr-xr-x root root www
 drwxr-xr-x root root certbot
 drwxr-xr-x root root .well-known
 drwxr-xr-x root root acme-challenge
 -rw-r--r-- root root myfile

and the following nginx config:

upstream myapp {
  server                localhost:3000;
}

server {
  listen                80;
  server_name           myapp.com;

  location /.well-known/acme-challenge {
    default_type "text/plain";
    root /var/www/certbot;
  }

  location / {
    proxy_pass          http://myapp;
    proxy_read_timeout  90;
  }

}

But URL ain't available:

curl -I http://myapp.com/.well-known/acme-challenge/myfile
HTTP/1.1 404 Not Found
Server: nginx/1.6.2
Date: Tue, 31 May 2016 17:40:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 47
Connection: keep-alive
X-Powered-By: Express
X-Content-Type-Options: nosniff

What am I doing wrong ??? Please help me!

Answer 1

I finally found the solution:

The nginx config sites were in /etc/nginx/sites-available but not in /etc/nginx/sites-enabled.

I did create a link from the former to the later, but it was not a symlink (missing the -s option in ln /etc/nginx/sites-available/mysite /etc/nginx/sites-enabled).

I still don't understand the use case of a link not symbolic but in my case that was the problem.

Answer 2

I think you should quote the location since it contains a dot. Like this:

location '/.well-known/acme-challenge/' {
   # ...
}

I'm not entirely sure about it but I've seen other people do this and it seems to work for me.