Should I host my challenges http or https or both?

I’m working with nginx to host several websites. I’m using getssl (bash) acme client to retrieve challenges and write appropriate response files to get certificates from letsencrypt. But it is unclear to me if I should provide these responses using the http or the https protocol, or both?

Can someone point me in the right direction here.

I.e. If I want to retrieve certs for example.com, should I then provide answers via:

http://example.com/.well-known/acme-challenge/*
or (using untrusted ssl certs) via
https://example.com/.well-known/acme-challenge/*

Hi,

Do the http & https versions share the same directory and config file? If so, you only need to put the challenge files in the directory once…

Let’s encrypt will connect to port 80 of your web server (which normally represents the plain http version) first, then will follow redirection requests (to other sites / ports, but not to an IP address).
If the http & https versions are different, you must put the challenge files on http (you may need to put them on https too if http redirects to https).

Also, I think when connecting to your website & find validation token (challenges files), let’s encrypt will not check if the current certificate is trusted or not…

Thank you

I’m currently directing any and all http requests permanently (code 301) to their https equivalents. If Letsencrypt indeed follows http->https redirects and disregards certificate validity for the acme challenge part then I should be able to enable it with minimal changes. Thanks!

1 Like
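An nginx layout that matches the advice above (serve the token over plain http on port 80, keep the blanket 301 to https for everything else) is shown below as an added example; it is not configuration from the thread or from getssl, and /var/www/acme plus the certificate paths are assumed. getssl would need to write each token file under /var/www/acme/.well-known/acme-challenge/.

```nginx
# Constructed example (not from the thread): port 80 answers HTTP-01
# challenges directly and redirects everything else to https.
server {
    listen 80;
    server_name example.com www.example.com;

    # The validator hits port 80 first; answering here means issuance works
    # even before any trusted certificate exists on 443.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/acme;            # assumed challenge webroot
        default_type text/plain;
        try_files $uri =404;
    }

    # Everything else keeps the existing permanent redirect to https.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name example.com www.example.com;

    ssl_certificate     /etc/ssl/example.com/fullchain.pem;   # assumed paths
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;

    # Same challenge location on https, so a validator that does follow a
    # redirect still finds the token; harmless when port 80 already answered.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/acme;
        default_type text/plain;
        try_files $uri =404;
    }

    location / {
        root /var/www/example.com;     # assumed site root
    }
}
```

Because `^~` prefix locations win over the catch-all `/` location, the challenge path is never caught by the 301, which is the case the first reply warns about.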

This should work on cert renewals but I’m unsure if it will follow for a new cert request.

Renewals and initial issuance aren't distinguished by the CA (edit: for most purposes!), so the redirect-following behavior is the same in both cases.

1 Like
