How to get a certificate without a webroot (nginx reverse proxy)

i am using nginx as reverse proxy which forwards the request to some web application on the same machine is the address and target is

I saw in the documentation that the command for optaining a cert is:
sudo certbot certonly --webroot --webroot-path=/var/www/html -d -d

But in my case i dont have a webroot-path cause the request is forwarded. I am new with certbot so the answer might be easy.

Thank you for help !

Greetings !

Make a separate location that doesnʼt do the proxying. For example, this is what I have in my configs:

  location /.well-known/acme-challenge/ {
    root /run/nginx; # Replace with the path to your webroot directory
    default_type text/plain;


1 Like

Newly in Certbot 0.14, released yesterday, it is recommended to try the nginx plugin if you’re obtaining certificates with nginx.

sudo certbot --nginx -d -d

Since this plugin has not been widely used, it’s possible that it will have bugs which you can tell us about so we can fix them. :slight_smile: However, it might be simpler than the webroot approach for nginx users in the future, because it’s more automated (and doesn’t require a webroot).

You will probably only have the new version if you’re using the autoupdated Certbot via something like certbot-auto, so this suggestion may not apply to you yet if you installed Certbot from an operating system package.

@Nekit’s answer is also correct and is exactly what you might do if you decide to go ahead with the traditional webroot method.

Hello Nekit,
thank you for your answer. I have this command already in a separated
location tag. It seems that i dont understand something fundamental here
:slight_smile: Hope i will soon …

Now i have the situation that when i enter i get forwarded
to And from the other side its the same. Which directive
is forwarding me all the time ?
I thought the configurations per file are separated to the subdomain ?!

Greetins -. C. -

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.