Hi, I had some problems with renewing SSL certificates from Let’s Encrypt. It was initially my fault because I created redirections that worked too early.
So, I wanted to use “Enable automatic HTTPS redirection” of a domain. I understood it added nginx.forcessl.conf
However, when I enable automatic HTTPS redirection, it is not possible to access the Let’s Encrypt HTTP-01 challenge for Let’s Encrypt renewal and redirection:
➜ curl -I http://yourdomainhere.com/.well-known/acme-challenge/test123
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 14 Nov 2024 21:03:50 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://yourdomainhere.com/.well-known/acme-challenge/test123
If I disable automatic HTTPS redirection, I get a 200 for sure.
Wasn’t the ACME challenge “location” meant to run before any HTTP to HTTPS redirection?
In other words, the curl should have returned a 200 here, because in order to generate or renew an SSL certificate from Let’s Encrypt this has to be done via HTTP, not HTTPS. Isn’t that so?
So now, it looks like the HTTP to HTTPS redirection occurs before the challenge check-up.
The challenge =>>
cat nginx.conf_letsencrypt
location ~ "^/\.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {
    default_type text/plain;
    return 200 "$1.ZJtq94l_EmDUxxxxxxxxqdG5sHy-ralLUNS0";
}
So theoretically, the right order of directives should be something like:
location ~ "^/\.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {
    default_type text/plain;
    return 200 "$1.ZJtq94l_EmDUxxxxxxxxqdG5sHy-ralLUNS0";
}
location / {
    return 301 https://$host$request_uri;
}
Redirect everything else to HTTPS after checking Let’s Encrypt HTTP-01 challenge, not before…
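
An added example, not part of the original post and not the control panel's own template. It assumes the forced-HTTPS include puts a `return 301` directly at `server` level (the post does not show that file's contents); nginx runs such a directive before it selects any `location`, which would give the 301 shown above. The `server_name` and the thumbprint value are placeholders.

```nginx
# Constructed example: port-80 virtual host that answers HTTP-01 itself
# and redirects everything else to HTTPS.
server {
    listen 80;
    server_name yourdomainhere.com;   # placeholder domain from the post

    # Assumed "before" state (commented out): rewrite-module directives
    # placed directly in server{} are executed before location matching,
    # so this line would answer every request, including
    # /.well-known/acme-challenge/..., with a 301.
    # return 301 https://$host$request_uri;

    # HTTP-01 responder. Regex locations are checked before nginx falls
    # back to the "location /" prefix match, so this block wins for
    # challenge URLs regardless of where it sits in the file.
    # The response body is "<token>.<account key thumbprint>".
    location ~ "^/\.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {
        default_type text/plain;
        return 200 "$1.ACCOUNT_THUMBPRINT_PLACEHOLDER";
    }

    # "After" state: the redirect is scoped to a location, so it only
    # applies to requests that no more specific location has claimed.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

With this layout, `curl -I http://yourdomainhere.com/.well-known/acme-challenge/test123` returns 200 while any other path on port 80 still returns the 301 to HTTPS.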