Certificate renewal over HTTPS


#1

Hello, I have a very quick question:

If I’m redirecting all of the traffic to HTTPS from HTTP (Nginx webserver) without allowing any content to be accessed on an HTTP connection, is it possible to renew the certificate using webroot?

Fragment of my nginx config used for redirecting traffic:

return 301 https://$server_name$request_uri;

P.S
I’m using certbot from the Debian (9) stable repository

Thanks.


#2

Yes, as long as https://$server_name/ has the correct root.

You could also exclude it from the redirect, e.g.:

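# Everything else on port 80 is redirected to HTTPS
location / {
    return 301 https://$server_name$request_uri;
}
# Challenge files are served directly over HTTP from the webroot
location /.well-known/acme-challenge/ {
    root /var/www/whatever;
}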

#3

The solution is the desired method for handling HTTP:
Force everything to HTTPS, except authentication requests (which can be handled using HTTP).
[It sets the EXAMPLE for how one should handle HTTP]
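
A pre-renewal check for the setup discussed in this thread, added here as an example and not taken from any of the posts: it drops a random file into the webroot's `.well-known/acme-challenge/` directory, fetches it starting from the plain-HTTP URL while following redirects, and confirms the same bytes come back. `probe_webroot` and `start_server` are hypothetical names, and the two local servers in the demo are constructed stand-ins for nginx (both hops use plain HTTP on 127.0.0.1 because no TLS is set up locally).

```python
import functools, http.server, os, secrets, tempfile, threading, urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"

def probe_webroot(base_url, webroot, timeout=5):
    """Write a random probe file under the webroot's challenge directory and
    fetch it from base_url, following redirects. Returns (ok, final_url, detail)."""
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32).encode()
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    try:
        # urllib verifies the certificate on an HTTPS hop, so an
        # already-expired certificate is reported here as a failure.
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            final = resp.geturl()
            if resp.read() == body:
                return True, final, "served from this webroot"
            return False, final, "response body does not match probe file"
    except OSError as exc:  # URLError, HTTPError and timeouts are OSError
        return False, url, f"request failed: {exc}"
    finally:
        os.remove(path)  # never leave probe files behind in the webroot

def start_server(webroot=None, redirect_to=None):
    """Constructed stand-in for nginx: serve webroot, or 301 every request."""
    class Handler(http.server.SimpleHTTPRequestHandler):
        def do_GET(self):
            if redirect_to is None:
                return super().do_GET()
            self.send_response(301)
            self.send_header("Location", redirect_to + self.path)
            self.end_headers()
        def log_message(self, *args):
            pass  # keep the demo output quiet
    handler = functools.partial(Handler, directory=webroot)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        _, target = start_server(webroot=root)          # plays the HTTPS vhost
        _, front = start_server(redirect_to=target)     # plays "return 301 ..."
        print(probe_webroot(front, root))
```

Against a real host, call `probe_webroot("http://your.domain", "/var/www/whatever")` with the same path passed to certbot's webroot option; a failure means the redirect target is not serving from that directory.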