nginx config for acme challenge
To support Let's Encrypt and the HTTP acme-challenge more transparently, here is a config that can be used with nginx. When all traffic arriving over HTTP is redirected to HTTPS, it is easiest to answer the challenges directly, without the redirect.
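    server {
        server_name www.yes-www.org yes-www.org www.yes-www.com yes-www.com;
        listen [::]:80;
        listen 80;
        access_log off;

        # Serve ACME HTTP-01 challenge files directly over HTTP.
        location /.well-known/acme-challenge/ {
            root /var/www;
            try_files $uri =404;
        }

        # Redirect everything else to HTTPS. The return sits in its own
        # location because a server-level return is evaluated before any
        # location is selected and would redirect the challenges too.
        location / {
            return 301 https://$host$request_uri;
        }
    }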
This appeared on Server Fault literally as above. I modified it slightly to strip the initial path part of the URL off with a rewrite; change the location part of the above to this:
    location /.well-known/acme-challenge {
        root /acme-challenge;
        rewrite ^/.well-known/acme-challenge/(.*) /$1 break;
        try_files $uri =404;
    }
Then the challenges will end up in the /acme-challenge directory without a substructure (.well-known/acme-challenge), so when configuring dehydrated:

    WELLKNOWN=/acme-challenge
My usual mode of testing this kind of config is to

    echo hello > /acme-challenge/foo.txt

and then use

    curl http://domain.io/.well-known/acme-challenge/foo.txt

and if you see hello then you should be good to go.
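
The manual check above as a script, added here as an example and not part of the original post: it drops a one-off token into the challenge directory, fetches it over plain HTTP without following redirects, and also confirms that any other path still gets the 301 to https. The function names acme_probe and http_get are hypothetical; it assumes curl and mktemp are installed and that it runs on the web server with write access to the WELLKNOWN directory.

```shell
#!/bin/sh
# Added example (hypothetical helper names): automated form of the manual
# echo/curl check for the port-80 server block.
# Usage: sh acme_probe.sh http://domain.io /acme-challenge

# Fetch $1 without following redirects; the body goes to file $2.
# Prints "<status> <redirect target, if any>".
http_get() {
    curl -s -o "$2" -w '%{http_code} %{redirect_url}' --max-time 10 "$1"
}

# Returns 0 if the challenge path is served directly and other paths
# are redirected to https, 1 if either check fails, 2 on setup errors.
acme_probe() {
    base=$1 webroot=$2 rc=0
    token="probe-$$-$(date +%s)"
    body=$(mktemp) || return 2
    if ! printf '%s\n' "$token" > "$webroot/$token"; then
        rm -f "$body"; return 2
    fi

    # 1. The challenge must be answered on HTTP itself: 200 plus our token.
    out=$(http_get "$base/.well-known/acme-challenge/$token" "$body")
    if [ "${out%% *}" != 200 ] || [ "$(cat "$body")" != "$token" ]; then
        echo "FAIL challenge: '$out'" >&2; rc=1
    fi

    # 2. Everything else must still get the 301 to https.
    out=$(http_get "$base/probe-$$" "$body")
    case $out in
        "301 https://"*) ;;
        *) echo "FAIL redirect: '$out'" >&2; rc=1 ;;
    esac

    rm -f "$webroot/$token" "$body"
    return $rc
}

if [ "$#" -eq 2 ]; then
    acme_probe "$1" "$2"
fi
```

A "FAIL challenge" line showing a 301 means the redirect is being applied to the challenge URL as well.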