Certificate renewal over HTTPS


Hello, I have a very quick question:

If I’m redirecting all of the traffic to HTTPS from HTTP (Nginx webserver) without allowing any content to be accessed on HTTP connection, is it possible to renew certificate using webroot?

Fragment of my nginx config used for redirecting traffic:

return 301 https://$server_name$request_uri;

I’m using certbot from debian (9) stable repostiory



Yes, as long as https://$server_name/ has the correct root.

You could also exclude it from the redirect, e.g.:

location / {
    return 301 https://$server_name$request_uri;
location /.well-known/acme-challenge/
    root /var/www/whatever;


The solution is the desired method for handling HTTP:
Force everything to HTTPS, except authentication requests (which can be handled using HTTP).
[It sets the EXAMPLE for how one should handle HTTP]