I'm really at my wits' end with this! Firstly, there doesn't seem to be a way to do the LetsEncrypt verification process without making the domain live! (which sucks when you are trying to move from one server to another)

Then, I can't seem to get the acme-challenge stuff to work. Here is my config for the domain's host in nginx:

server {
    listen      xxx.xxx.xxx.xxx:80;
    server_name test.co.uk www.test.co.uk;
    root        /home/rachel/web/test.co.uk/public_html;

      # Necessary for Let's Encrypt Domain Name ownership validation
      location /.well-known/acme-challenge/ {
        try_files $uri /dev/null =404;
      }
      location / {
        return 301 https://$host$request_uri;
      }
}
server {
    listen      xxx.xxx.xxx.xxx;
    server_name cdn.test.co.uk ;
    root        /home/rachel/web/cdn.test.co.uk/public_html;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/cdn.test.co.uk.log combined;
    access_log  /var/log/nginx/domains/cdn.test.co.uk.bytes bytes;
    error_log   /var/log/nginx/domains/cdn.test.co.uk.error.log error;

      # Necessary for Let's Encrypt Domain Name ownership validation
      location /.well-known/acme-challenge/ {
        try_files $uri /dev/null =404;
      }
      location / {
        return 301 https://$host$request_uri;
      }
}

I made a test foo.html file, and put it in the /.well-known/foo.html folder. Then going to the browser:

http://test.co.uk/.well-known/foo.html

I get a 403 error. What am I doing wrong? I can't see why it's so complicated to do this!

Thanks (hopefully you can save the little bit of hair I have left ;))

Andrew Newby

1 Answer

Eugh, I really should just start by posting my questions here! Almost every time, I find the correct solution after posting!

# Necessary for Let's Encrypt Domain Name ownership validation
location '/.well-known/acme-challenge' {
    root /home/rachel/web/cdn.test.co.uk/public_html;
}

location / {
      if ($scheme = http) {
        return 301 https://cdn.test.co.uk$request_uri;
      }
}

Hopefully this helps someone else!

Andrew Newby
I do this slightly differently, as described in this question: http://serverfault.com/questions/755662/nginx-disable-htaccess-and-hidden-files-but-allow-well-known-directory/755691#755691 – Tim Apr 07 '17 at 18:34
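
Added example, not part of the original question or answer: a pre-flight check that drops a probe file in `.well-known/acme-challenge/` under the webroot and fetches it over plain HTTP from a given server IP with the site's `Host` header, so the location block can be tested before running the ACME client. The function name `probe_challenge` and its parameters are hypothetical; it assumes the script runs on the web server with write access to the webroot.

```python
import http.client
import os
import secrets
import sys

CHALLENGE_DIR = ".well-known/acme-challenge"  # path HTTP-01 validation requests

def probe_challenge(webroot, host, ip, port=80, timeout=5):
    """Write a random probe file under webroot/.well-known/acme-challenge/ and
    fetch it from ip:port with "Host: host". Returns (ok, status, detail)."""
    token, body = secrets.token_urlsafe(24), secrets.token_urlsafe(32)
    directory = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(body)
    os.chmod(path, 0o644)  # the web server's worker user must be able to read it
    try:
        # Connect to the IP directly, so DNS may still point at the old server.
        conn = http.client.HTTPConnection(ip, port, timeout=timeout)
        conn.request("GET", f"/{CHALLENGE_DIR}/{token}", headers={"Host": host})
        resp = conn.getresponse()  # http.client never follows redirects
        status, location = resp.status, resp.getheader("Location")
        served = resp.read().decode("utf-8", "replace")
        conn.close()
    except (OSError, http.client.HTTPException) as exc:
        return False, None, f"request failed: {exc}"
    finally:
        os.remove(path)  # leave no probe file behind
    if status in (301, 302, 307, 308):
        return False, status, f"redirected to {location} instead of serving the file"
    if status != 200:
        return False, status, "challenge file was not served from this webroot"
    if served != body:
        return False, status, "response body differs from the probe file"
    return True, status, "challenge directory is served over plain HTTP"

if __name__ == "__main__":
    # usage: probe.py WEBROOT HOSTNAME SERVER_IP
    ok, status, detail = probe_challenge(*sys.argv[1:4])
    print(f"{'OK' if ok else 'FAIL'} status={status}: {detail}")
    sys.exit(0 if ok else 1)
```

The probe checks only that nginx serves the challenge path for that hostname; it does not perform the ACME validation itself.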