Cannot renew certs when redirecting http to https


I think so. It’s possible that the {} block did not actually prevent the subsequent block from applying; I don’t know enough about Nginx configuration to know whether more than one location block can apply to the same request or not.

The Let’s Encrypt CA is actually willing to follow a 301 redirect in this case (which is often useful), but that might not be relevant to your debugging here.

In order to pass the authentication challenge, Certbot needs to be able to create text files in the webroot location specified in /etc/letsencrypt/renewal/, within the subdirectory .well-known/acme-challenge and then have those files be visible to the public via HTTP under


In desperation, I temporarily changed the top server block to respond to instead of, then did the renew, then changed it back again.

Obviously this is not a permanent solution but just enough to get the site back online.
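A port-80 server block that keeps the webroot challenge path reachable over plain HTTP while redirecting everything else, as an added example that is not from the thread or from any poster's configuration. The hostname example.com and the webroot /var/www/letsencrypt are assumed placeholders; the root must be the webroot recorded for the certificate under /etc/letsencrypt/renewal/.

```nginx
# Added example; example.com and /var/www/letsencrypt are assumed placeholders.
server {
    listen 80;
    server_name example.com;

    # nginx handles a request in exactly one location. The longest matching
    # prefix wins, and ^~ also stops any regex location from overriding it,
    # so challenge requests are served here and never reach the redirect.
    location ^~ /.well-known/acme-challenge/ {
        # Certbot writes its token files to
        # <root>/.well-known/acme-challenge/<token>
        root /var/www/letsencrypt;
        default_type text/plain;
        try_files $uri =404;
    }

    # All other plain-HTTP requests are redirected to HTTPS.
    # Keep the redirect inside a location: a "return 301" placed directly
    # at server level runs before location matching and would redirect
    # challenge requests as well.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

After reloading nginx, `certbot renew --dry-run` exercises the challenge path without replacing the live certificate.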


