Reputation: 947
I have a test server with docker compose + nginx + certbot (gets certificates from Let's Encrypt).
Nginx config:
    server {
        listen [::]:80;
        listen 80;
        server_name testdomain.com www.testdomain.com;
        location ~ /.well-known/acme-challenge {
            allow all;
            root /var/www/certbot;
        }
        server_tokens off;
        # redirect http to https www
        return 301 https://www.testdomain.com$request_uri;
    }
    #other server configs
certbot says in logs:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: testdomain.com
Type: connection
Detail: Fetching http://testdomain.com/.well-known/acme-challenge/vXDwOBgMA9DEq2IvxqUxxxxxxxxxx: Connection refused
Domain: www.testdomain.com
Type: connection
Detail: Fetching http://www.testdomain.com/.well-known/acme-challenge/shRZla5V7iFXB6D__xxxxx: Connection refused
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
I've put a temporary file in /.well-known/acme-challenge/ (http), but it can't be downloaded (if I try to open mydomain.com/index.html, it works fine but redirects to the https version).
I think the problem is that my config tries to redirect certbot requests to https, too. Do you have any idea how to get /.well-known/acme-challenge/ out of the https rules?
Upvotes: 1
Views: 2912
Reputation: 947
I've found a solution:
    server {
        listen [::]:80;
        listen 80;
        server_name testdomain.com www.testdomain.com;
        location ^~ /.well-known/acme-challenge {
            allow all;
            root /var/www/certbot;
        }
        location / {
            # redirect http to https www
            return 301 https://www.testdomain.com$request_uri;
        }
        server_tokens off;
    }
Now everything is redirected to https, excluding the content of this folder: /.well-known/acme-challenge
Upvotes: 1
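Why the two server blocks above route the challenge request differently, as an added example that is not part of the original posts and is not nginx's own code: a simplified Python model of nginx's documented handler selection (a server-level `return` runs before any location is chosen; otherwise exact match, longest prefix, then regexes unless the prefix carries `^~`). The names `QUESTION`, `ANSWER`, `route` and the token in the sample URI are constructed for illustration.

```python
import re

# Constructed models of the two server blocks on this page.
# Each location is (modifier, pattern, action); action is ("root", dir) or ("return", url).
REDIRECT = ("return", "https://www.testdomain.com")
WEBROOT = ("root", "/var/www/certbot")

QUESTION = {"server_return": REDIRECT,
            "locations": [("~", r"/.well-known/acme-challenge", WEBROOT)]}
ANSWER = {"server_return": None,
          "locations": [("^~", "/.well-known/acme-challenge", WEBROOT),
                        ("", "/", REDIRECT)]}


def apply(action, uri):
    kind, value = action
    if kind == "return":
        return "301 " + value + uri   # return 301 <url>$request_uri
    return "200 " + value + uri       # file path is root + URI (assumes the file exists)


def select_location(locations, uri):
    """nginx order: exact match, longest prefix, then regexes unless ^~."""
    best = None
    for mod, pat, action in locations:
        if mod == "=" and uri == pat:
            return action
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, action)
    if best and best[0] == "^~":
        return best[2]                # ^~ on the longest prefix skips regex checks
    for mod, pat, action in locations:
        if mod in ("~", "~*") and re.search(pat, uri, re.I if mod == "~*" else 0):
            return action
    return best[2] if best else None


def route(config, uri):
    # A `return` placed directly in the server block runs in the server rewrite
    # phase, before any location is selected, so it answers every request.
    if config["server_return"]:
        return apply(config["server_return"], uri)
    action = select_location(config["locations"], uri)
    return apply(action, uri) if action else "404"


if __name__ == "__main__":
    for name, cfg in (("question", QUESTION), ("answer", ANSWER)):
        for uri in ("/.well-known/acme-challenge/constructed-token", "/index.html"):
            print(f"{name:8} {uri:48} -> {route(cfg, uri)}")
```

On a live host the same check is a plain-HTTP request for a test file under the challenge path: it should come back 200 from the webroot rather than 301.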