How to get a certificate without a webroot (nginx reverse proxy)

Hello,
I am using nginx as a reverse proxy which forwards the request to some web application on the same machine.
dms.mydomain.com is the address and the target is mydomain.com:8090.

I saw in the documentation that the command for obtaining a cert is:
sudo certbot certonly --webroot --webroot-path=/var/www/html -d example.com -d www.example.com

But in my case I don't have a webroot-path because the request is forwarded. I am new to certbot, so the answer might be easy.

Thank you for your help!

Greetings!

Make a separate location that doesn't do the proxying. For example, this is what I have in my configs:

  location /.well-known/acme-challenge/ {
    root /run/nginx; # Replace with the path to your webroot directory
    default_type text/plain;
  }

HTH


Newly in Certbot 0.14, released yesterday, it is recommended to try the nginx plugin if you’re obtaining certificates with nginx.

sudo certbot --nginx -d example.com -d www.example.com

Since this plugin has not been widely used, it’s possible that it will have bugs which you can tell us about so we can fix them. :) However, it might be simpler than the webroot approach for nginx users in the future, because it’s more automated (and doesn’t require a webroot).

You will probably only have the new version if you’re using the autoupdated Certbot via something like certbot-auto, so this suggestion may not apply to you yet if you installed Certbot from an operating system package.

@Nekit’s answer is also correct and is exactly what you might do if you decide to go ahead with the traditional webroot method.
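
The webroot approach from the answers above, written out as a full server block. This is an added example, not configuration from any of the posters; the hostname and port 8090 come from the question, while the webroot directory /var/www/letsencrypt, the 127.0.0.1 backend address and the forwarded headers are assumptions.

```nginx
# Added example (constructed). Assumed values: /var/www/letsencrypt as the
# webroot directory and 127.0.0.1:8090 as the local backend.
server {
    listen 80;
    server_name dms.mydomain.com;

    # Answer validation requests from local disk. "^~" stops nginx from
    # checking regex locations once this prefix matches, so the challenge
    # request is never handed to the proxied application.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;   # must match --webroot-path below
        default_type text/plain;
        try_files $uri =404;         # unknown tokens get a plain 404
    }

    # Everything else is forwarded to the web application.
    location / {
        proxy_pass http://127.0.0.1:8090;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Matching certbot call, using the same directory as "root" above:
#   sudo certbot certonly --webroot --webroot-path=/var/www/letsencrypt -d dms.mydomain.com
```

Certbot writes the challenge file under /var/www/letsencrypt/.well-known/acme-challenge/, which is exactly where the `root` directive makes nginx look for it.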

Hello Nekit,
thank you for your answer. I have this command already in a separate
location tag. It seems that I don't understand something fundamental here
:) Hope I will soon …

Now I have the situation that when I enter www.myDomain.com I get forwarded
to wiki.myDomain.com. And from the other side it's the same. Which directive
is forwarding me all the time?
I thought the configurations per file are separated by subdomain?!

Greetings -. C. -
