Adding a subdomain

MikeMcQ · April 21, 2024, 12:41am

It does not matter for nginx location and root statements

rg305 · April 21, 2024, 12:46am

Until it does - LOL
[I prepare for that day well in advance]

MikeMcQ · April 21, 2024, 2:13am

The root statement does not behave different inside a location block than outside it.

I don't know why following your suggestion would be any more likely to avoid some future nginx bug or breaking change. There are no guarantees against such things.

Heck, even nginx's own docs show a location with a trailing slash and a root statement without one. In fact, all example root statements are shown without a trailing slash

Sets the root directory for requests. For example, with the following configuration

location /i/ {
root /data/w3;
}

https://nginx.org/en/docs/http/ngx_http_core_module.html#location

rg305 · April 21, 2024, 2:17am

And that makes them futureproof?
I trust my instincts. Which say... Don't count on the software to always be smart enough to know what you meant and not do exactly as you say.
So, I say: Tell it clearly and exactly what you want it to do and don't ever test your luck with its' capacity to understand.

MikeMcQ · April 21, 2024, 2:59am

The --nginx plugin does not setup or use a folder for the challenge tokens. When used as the authenticator it adds temp code to your nginx config to reply with the correct value directly in a return statement. Example shown below. It does this for initial cert and each renew.

If you use --nginx as your installer it will make permanent changes to your nginx config. It may do a variety of things such as setup a port 443 server block, add redirect to port 80 server block if requested, and other things (see Certbot docs). It does not make these changes during a renew command.

Doing just certbot --nginx uses it as both authenticator and installer. Using certbot certonly --nginx uses it only as authenticator.

Sample --nginx authenticator setting up your nginx for acme challenge
The "=" sign for a location statement has the highest priority for location block matching and selection.

server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot

  listen 80;
  listen [::]:80;
  server_name example.com www.example.com;
  root /var/www/html;

  location = /.well-known/acme-challenge/MxkxRxkxzxkxgxHxvxkxOxpxkxVxkx8xkx4xFxExuxg 
    {default_type text/plain;
     return 200 MxkxRxkxzxkxgxHxvxkxOxpxkxVxkx8xkx4xFxExuxg.AwQwgwgwzwgwJwgw4wew3wrwxwiw-wpwvwqwxwBwswT;
    } # managed by Certbot
}

system · May 21, 2024, 3:00am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help with creating subdomain certificate Help	25	2263	October 2, 2018
Cerbot one webroot for different domains and subdomains Server	14	5015	September 17, 2018
Cant Complete the setup process Help	65	2624	February 7, 2021
Type: unauthorized Detail: Invalid response from Help	96	2881	March 8, 2021
Trying to fix my certificate after changing domain names Help	30	10108	April 22, 2019

Adding a subdomain

Related topics