While testing, please use --dry-run (or --staging).
Then once it passes the tests, switch back to production.
I saw that too late, but it succeeded, thank you! It didn't offer me any options for redirecting http to https so I guess I'm going to have to manually wrangle that bit. I wonder why.
Oh it did add in the redirect, maybe the new version of certbot just doesn't ask first.
Redirection in nginx is cake!
Here have a piece:
location ~ ^/(?!\.well-known) { # skip challenge requests
    return 301 https://$host$request_uri; # send all requests to HTTPS
} # location
root /new/dedicated/challenge/path; # path for challenge requests
That will allow the challenge requests to be handled in HTTP (not redirected like all other requests).
And use a dedicated path for added security!
[can't have too much of that]
For anyone reading this:
/new/dedicated/challenge/path is just a placeholder / example.
You would need to replace that with a real place.
A new one freshly created for this single purpose.
NOT a path that already has anything inside/beneath it. [bad for security]
This is resolved, the issue was that I didn't have a listen directive in my nginx virtual host config file, and so ipv6 requests were going somewhere unexpected. After adding in
listen 80;
listen [::]:80;
after the server name directive in my config. Once that was in there and nginx reloaded the config, certbot was able to successfully challenge and get the cert. Thanks @rg305!
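An added example, not part of the original thread: a small Python check for the problem described in the post above, a server block that answers port 80 on IPv4 but not on IPv6. It uses a simplified parser for flat config text, and the sample config and hostnames are constructed.

```python
import re

# Constructed sample: the first block has no listen directive (the case in the post above).
SAMPLE_CONF = r"""
server {
    server_name broken.example;   # no listen => implicit "listen *:80", IPv4 only
}
server {
    listen 80;
    listen [::]:80;
    server_name fixed.example;
    location / { return 301 https://$host$request_uri; }
}
"""
DIRECTIVE = r"(?:^|(?<=[;{}]))\s*%s\s+([^;]+);"   # "<name> args;" at statement start

def server_blocks(conf):
    """Yield the body of each server { ... } block, tracking brace depth."""
    conf = re.sub(r"#[^\n]*", "", conf)            # strip comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def port80_families(body):
    """Return the address families ('ipv4'/'ipv6') a block accepts on port 80."""
    # With no listen directive nginx (run as root) behaves like "listen *:80".
    listens = re.findall(DIRECTIVE % "listen", body) or ["*:80"]
    fams = set()
    for args in listens:
        addr, *params = args.split()
        port = re.search(r"(?:^|:)(\d+)$", addr)   # bare port or trailing :port
        if addr.startswith("unix:") or (port and port.group(1) != "80"):
            continue
        fams.add("ipv6" if addr.startswith("[") else "ipv4")
        if addr.startswith("[") and "ipv6only=off" in params:
            fams.add("ipv4")                       # dual-stack socket
    return fams

def audit(conf):
    """Map server_name -> family missing on port 80, for lopsided blocks only."""
    findings = {}
    for body in server_blocks(conf):
        name = re.search(DIRECTIVE % "server_name", body)
        missing = {"ipv4", "ipv6"} - port80_families(body)
        if len(missing) == 1:
            findings[name.group(1).strip() if name else "<unnamed>"] = sorted(missing)
    return findings
```

Blocks that do not listen on port 80 at all (for example HTTPS-only blocks) are deliberately not reported; only blocks reachable over one address family but not the other are.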
Glad I could help - I would have selected the first post that mentioned the specific problem as the solution. In the grand scheme you brought a problem here and then you solved it yourself...
But to each his own.
Cheers from Miami
#FreeCUBA
Sorry if I did it wrong, I wanted the listed solution to actually tell a future googler how to fix the issue if they have the same problem.
Thanks again from Japan.
@rg305 I marked your post as the solution. If you wouldn't mind, I'd love it if you could copy in the solution info into your post, so that people who find this later can get to the solution quickly.
Thanks!