Webroot unauthorized, possibly because of drupal

1

I’m having troubles with the webroot command, I believe it’s because i’m serving drupal from the webroot, and requiring all visitors to log in, if you are not logged in, you’re automatically redirected to mydomain.com/user/login by the php script:

This is the command I used

./letsencrypt-auto certonly -a webroot --agree-tos --renew-by-default --webroot-path=/var/www/html/drupal -d mydomain.com

And this is the response

Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: sudo /home/<user>/.local/share/letsencrypt/bin/letsencrypt certonly -a webroot --agree-tos --renew-by-default --webroot-path=/var/www/html/drupal -d mydomain.com

Failed authorization procedure. mydomain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mydomain.com/.well-known/acme-challenge/<snip> [<ipaddress>]: 403


IMPORTANT NOTES:
 - The following 'urn:acme:error:unauthorized' errors were reported by
   the server:

   Domains: mydomain.com
   Error: The client lacks sufficient authorization

Should I change something in my nginx configuration for the directory /.well-known/acme-challenge ?

2

The same problem has been discussed here: Drupal’s defualt .htaccess file breaks webroot authentication and the best solution in my eyes seems to be this answer: Drupal’s defualt .htaccess file breaks webroot authentication
Although that solution is based on Apache configuration I’m pretty sure there’s a similar solution for nginx …

3

thing is, i’m not using Apache, i’m using nginx. the .htaccess file is ignored.

Thinking about it, it is probably my nginx configuration, has nothing to do with drupal then.

4

I’m an Apache person but from what I glanced over at http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#rewrite it looks like nginx has a pretty similar concept as far as the rewrite is concerned … as for the .htaccess that is quite typically Apache you’d probably need to put that into your nginx configuration.