LE renewal via webroot with nginx confusion

General question, not really a problem. Just curious; everywhere you read about how to set up nginx to work with webroot renewals states that the well-known location only needs to be set in the port 80 server block. They also usually suggest you add a 301 or other redirect to your SSL URL. When I do that, I need to add the location to both server blocks for renewal to work. Otherwise I get an authentication error. Why does no one state that, or am I doing something wrong in fact? Thanks.

The devil is usually in the details with this kind of thing.

If you have a server that is defined like:

server {
    listen 80;

    # Scoped to "/": this only applies once location matching has run
    location / {
        return 301 https://whatever$request_uri;
    }

    # Longest prefix wins, so challenge requests land here, not in "/"
    location /.well-known/acme-challenge {
        # ...
    }
}

then it will work fine, there’s really no reason it would need to be duplicated in the port 443 server.

However, if you make the following (fairly common) mistake:

server {
    listen 80;

    location /.well-known/acme-challenge/ {
        # ...
    }

    # Not scoped to a location: a server-level return runs before
    # location matching, so it overrides everything above
    return 301 https://whatever$request_uri;
}

then the location block will get ignored and you’ll end up having to also put the location block into the port 443 listener.

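The working layout the answer describes, written out in full as an added example (not the poster's or the Let's Encrypt project's own config); example.com, /var/www/letsencrypt and /var/www/html are placeholders:

```nginx
# Added example: ACME webroot challenge answered on port 80, everything
# else redirected to HTTPS. Placeholder domain and paths throughout.
server {
    listen 80;
    listen [::]:80;
    server_name example.com;

    # Certbot writes challenge tokens under
    # /var/www/letsencrypt/.well-known/acme-challenge/ when run with
    # --webroot -w /var/www/letsencrypt. ^~ stops regex locations
    # elsewhere in the config from stealing the match.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
        default_type "text/plain";
    }

    # Scoped redirect: it is chosen only when no longer prefix matches,
    # so the challenge location above is still served. A bare
    # "return 301" at server level would run before location matching
    # and redirect the validator too.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # No acme-challenge location needed here: the HTTP-01 validation
    # request arrives over plain HTTP and is answered by the port 80
    # server before any redirect happens.
    location / {
        root /var/www/html;
    }
}
```

To confirm the redirect is not in the way, `curl -I http://example.com/.well-known/acme-challenge/test` should come back as a 404 from the port 80 server rather than a 301, and `certbot certonly --webroot -w /var/www/letsencrypt -d example.com --dry-run` exercises the whole challenge against the staging environment without touching the live certificate.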

Ahhh ok that’s probably my issue then. Thanks for clearing it up.
