Webroot unauthorized, possibly because of drupal


I’m having troubles with the webroot command, I believe it’s because i’m serving drupal from the webroot, and requiring all visitors to log in, if you are not logged in, you’re automatically redirected to mydomain.com/user/login by the php script:

This is the command I used

./letsencrypt-auto certonly -a webroot --agree-tos --renew-by-default --webroot-path=/var/www/html/drupal -d mydomain.com

And this is the response

Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: sudo /home/<user>/.local/share/letsencrypt/bin/letsencrypt certonly -a webroot --agree-tos --renew-by-default --webroot-path=/var/www/html/drupal -d mydomain.com

Failed authorization procedure. mydomain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mydomain.com/.well-known/acme-challenge/<snip> [<ipaddress>]: 403

 - The following 'urn:acme:error:unauthorized' errors were reported by
   the server:

   Domains: mydomain.com
   Error: The client lacks sufficient authorization

Should I change something in my nginx configuration for the directory /.well-known/acme-challenge ?


The same problem has been discussed here: Drupal’s defualt .htaccess file breaks webroot authentication and the best solution in my eyes seems to be this answer: Drupal’s defualt .htaccess file breaks webroot authentication
Although that solution is based on Apache configuration I’m pretty sure there’s a similar solution for nginx …


thing is, i’m not using Apache, i’m using nginx. the .htaccess file is ignored.

Thinking about it, it is probably my nginx configuration, has nothing to do with drupal then.


I’m an Apache person but from what I glanced over at http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#rewrite it looks like nginx has a pretty similar concept as far as the rewrite is concerned … as for the .htaccess that is quite typically Apache you’d probably need to put that into your nginx configuration.