What is the recommended Way to register for nginx proxy certs


#1

Hey everyone,
this is basically how I have been requesting certs from letsencrypt… anyone give input/advice on whether its the right way to do it?

I use nginx in most cases as a rev proxy in front of lots of web apps.

  1. create nginx site config like usual, but add in a location block for /.well-known and alias it to /usr/share/nginx/html.
    location /.well-known { alias /usr/share/nginx/html/.well-known; autoindex on; }

  2. restart nginx to reload the vhost configs

  3. run letsencrypt (i run this from my users homedir, not sure yet how to install it “globally” ± % ./letsencrypt-auto certonly --webroot -w /usr/share/nginx/html -d mydomain.com

  4. edit nginx conf to include the certificate from /etc/letsencrypt/live/mydomain.com/fullchain.pem.


#2

what you listed is basically the way I do it via webroot for nginx (paths and files may differ though)


#3

it’d be nice to have a catch all defined in default or whatever that auto-loads the /.well-known so its not defined on each vhost… i wonder if thats possible.


#4

yes possible see examples at

or do what i do, when i auto generate my nginx vhosts, the default vhost templates have an include file and in that i specify common settings and location context matches that all nginx sites share i.e. .well-known support


#5

those examples still require include snippets/letsencryptauth.conf; in each of your vhosts right?


#6

yeah they do… it’s fairly easy to use a standard nginx vhost template approach to include such file(s) :wink: