martins

Reputation: 10009

Configure Nginx to reply to http://my-domain.com/.well-known/acme-challenge/XXXX

I'm not able to get nginx to return the files I've put in /var/www/letsencrypt.

nginx/sites-available/mydomain.conf

server {
  listen 80 default_server;
  listen [::]:80 default_server ipv6only=on;
  server_name my-real-domain.com;

  include /etc/nginx/snippets/letsencrypt.conf;

  root /var/www/mydomain;
  index index.html;
  location / {
    try_files $uri $uri/ =404;
  }
}

nginx/snippets/letsencrypt.conf

location ^~ /.well-known/acme-challenge/ {
  default_type "text/plain";
  root /var/www/letsencrypt;
}

I run this command: certbot certonly --webroot -w /var/www/letsencrypt/ -d my-real-domain.com

But the page that certbot tries to access is always a 404.

DEBUGGING

$ echo hi > /var/www/letsencrypt/hi
$ chmod 644 /var/www/letsencrypt/hi

Now I should be able to curl localhost/.well-known/acme-challenge/hi, but that does not work. Still 404. Any idea what I'm missing?

Upvotes: 24

Views: 34890

Answers (3)

Peter Vangsgaard

Reputation: 21

It's because you are using root and not alias. I have this as a working solution:

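server {
  listen 80;
  # Serve ACME HTTP-01 challenge files from /var/www/acme
  location /.well-known/acme-challenge {
    alias /var/www/acme;
  }
  # Redirect every other request to HTTPS
  location / {
    return 301 https://$host$request_uri;
  }
}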

Upvotes: 2

enguerran

Reputation: 3291

It seems that the Synology Nginx configuration now has a rule for acme-challenge. Put your file in /var/lib/letsencrypt/.well-known/acme-challenge and there is no need to reload Nginx, as the configuration stays unchanged.

See /etc/nginx/nginx.conf for details.

Upvotes: 1

bukkojot

Reputation: 1530

The option root /var/www/letsencrypt/; tells nginx "this is the base directory", so the final path will be /var/www/letsencrypt/.well-known/acme-challenge/.

So, you have 2 options:

  1. Change your path, for example to

    $ echo hi > /var/www/letsencrypt/.well-known/acme-challenge/hi
    
  2. Change the behavior of nginx, so nginx will treat it as an alias:

    location ^~ /.well-known/acme-challenge/ {
      default_type "text/plain";
      rewrite /.well-known/acme-challenge/(.*) /$1 break;
      root /var/www/letsencrypt;
    }
    

And don't forget to run killall -1 nginx to reload the config.

Upvotes: 28
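
Added example, not part of the original question or answers: a simplified Python model of how nginx turns a request URI into a file path under root, alias, and the rewrite + root variant quoted in this thread, compared with the path that certbot --webroot writes to. The function names are hypothetical, and the model assumes plain prefix locations (no try_files, index, or symlinks).

```python
import posixpath

ACME_PREFIX = "/.well-known/acme-challenge/"

def nginx_file(directive, location, directory, uri):
    """Path nginx opens for `uri` inside a prefix `location` (simplified model)."""
    if not uri.startswith(location):
        raise ValueError(f"{uri!r} is not handled by location {location!r}")
    rest = uri[len(location):]            # part of the URI after the location prefix
    if directive == "root":
        path = directory + uri            # root: directory + full URI
    elif directive == "alias":
        path = directory + rest           # alias: location prefix replaced by directory
    elif directive == "rewrite+root":
        path = directory + "/" + rest     # rewrite <location>(.*) /$1 break; then root
    else:
        raise ValueError(f"unknown directive {directive!r}")
    return posixpath.normpath(path)

def certbot_webroot_file(webroot, token):
    """Where `certbot certonly --webroot -w <webroot>` places a challenge file."""
    return posixpath.normpath(webroot + ACME_PREFIX + token)

# Configurations quoted in this thread: (directive, location, directory)
CONFIGS = {
    "question (root)": ("root", ACME_PREFIX, "/var/www/letsencrypt"),
    "answer (alias)": ("alias", "/.well-known/acme-challenge", "/var/www/acme"),
    "answer (rewrite+root)": ("rewrite+root", ACME_PREFIX, "/var/www/letsencrypt"),
}

def report(token="hi", webroot="/var/www/letsencrypt/"):
    """Map each config to (path nginx opens, whether it equals certbot's path)."""
    expected = certbot_webroot_file(webroot, token)
    result = {}
    for name, (directive, location, directory) in CONFIGS.items():
        opened = nginx_file(directive, location, directory, ACME_PREFIX + token)
        result[name] = (opened, opened == expected)
    return result

if __name__ == "__main__":
    # Constructed sample: the token "hi" from the question's debugging step.
    for name, (opened, ok) in report().items():
        print(f"{name:24} {opened:52} matches certbot -w: {ok}")
```

In this model the question's root setup opens the same path that certbot --webroot -w /var/www/letsencrypt/ writes to, while the test file /var/www/letsencrypt/hi is only reachable under the rewrite variant.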
