I’m trying to understand how to Nginx plugin works and if I need to do anything about the current setup. I have already setup a Debian 10 (buster) server, and plan to install a Node.js app on it.
Firstly though, I set up Nginx and Certbot, so I have a functioning certificate for my server.
I did so like this:
certbot run --nginx -d sub.example.com.
Certbot was helpful enough to add the needed directives to the default site configuration (
/etc/nginx/sites-available/default) but I moved all the edits to a separate configuration in sites-available, called certbot for now, and linked it in sites-enabled.
The actual question
From my understanding, with this setup Certbot auto-configures Nginx to serve the HTTP-01 challenge in
.well-known, but this means that it needs to take over the http/https ports which should be serving the app (through server directives that I still need to write in the sites-available config file). So, setting up a web server which uses Nginx as reverse proxy does it mean that during the challenge for renewal the app has a downtime? I don’t mean during the post_hook which reloads Nginx, I mean when the certbot client is performing http01 challenge.
Moreover, I tried deleting the symlink from sites-enabled and reloaded nginx, but the challenge succeeded anyway, how does it do the Nginx setup? Does it spawn an ad-hoc nginx with a custom configuration?