Redirect all requests to HTTPS, except for one subdirectory
Try this:
    server {
        listen 80;
        server_name sub.domain.tld;
        server_tokens off;
        root /var/www/letsencrypt;

        # Serve Let's Encrypt webroot challenge files over plain HTTP
        location /.well-known {
            try_files $uri $uri/ =404;
        }

        # Redirect everything else to HTTPS
        location / {
            return 301 https://$host$request_uri;
        }
    }
Since there was no try_files entry in your virtual server, it didn't know what to do with requests coming to /.well-known.
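
An added example (not part of the original answer or thread): a Python check that requests the challenge path and an ordinary path over plain HTTP without following redirects or applying HSTS, the same kind of test as the wget/curl check suggested in the comments. The stub server, the token name and all function names are constructed for illustration so the check runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

CHALLENGE = "/.well-known/acme-challenge/constructed-token"  # constructed sample path

def probe(host, port, path, vhost):
    """One plain-HTTP GET; returns (status, Location) and never follows redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": vhost})
        resp = conn.getresponse()
        resp.read()  # drain the body before closing
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def check_policy(host, port, vhost, challenge=CHALLENGE):
    """Return findings; an empty list means port 80 behaves as the answer intends."""
    findings = []
    status, location = probe(host, port, challenge, vhost)
    if status in (301, 302, 307, 308):
        findings.append(f"{challenge} is redirected to {location}")
    elif status != 200:
        findings.append(f"{challenge} returned {status}, expected 200")
    status, location = probe(host, port, "/index.html", vhost)
    if status != 301 or not (location or "").startswith("https://"):
        findings.append(f"/index.html returned {status}, expected 301 to https://")
    return findings

class StubPort80(BaseHTTPRequestHandler):
    """Constructed stand-in for the port-80 server block so the check runs offline."""
    exempt = True  # False models a server that redirects every request
    def do_GET(self):
        served = self.exempt and self.path.startswith("/.well-known")
        self.send_response(200 if served else 301)
        if not served:
            self.send_header("Location", f"https://{self.headers['Host']}{self.path}")
        self.end_headers()
    def log_message(self, *args): pass  # silence per-request logging

def run_demo(exempt):
    handler = type("Handler", (StubPort80,), {"exempt": exempt})
    with HTTPServer(("127.0.0.1", 0), handler) as server:  # port 0 = any free port
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return check_policy("127.0.0.1", server.server_port, "sub.domain.tld")
        finally:
            server.shutdown()
```

Against a real server, place a test file at the challenge path under the webroot first, then call check_policy with the server's address, port 80 and its server_name. A non-empty list means the challenge path is still redirected or is not being served.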
SaAtomic
Updated on September 18, 2022

Comments

SaAtomic over 1 year
I'm trying to move from self-signed certificates to Let's Encrypt certificates on my nginx webserver.

Currently, I redirect all requests to http/80 to https/443, which uses a self-signed certificate I created a while ago.

Now - from what I understand Let's Encrypt makes a request to port 80 (as I am using the webroot option of certbot). These requests are redirected, which renders the certificate generation unsuccessful.

I tried to achieve this with the following server block, listening at port 80:

    server {
        listen 80;
        server_name sub.domain.tld;
        server_tokens off;

        location /.well-known {
            root /var/www/letsencrypt;
        }

        location / {
            return 301 https://$host$request_uri;
        }
    }

But requests to /.well-known are redirected to https/443 anyways.

How can I redirect all requests from http/80 to https/443, except the requests to /.well-known/?

SaAtomic about 7 years
As far as I'm aware, the webroot of certbot option requires plain http.

Alexey Ten about 7 years
How did you check redirect? I guess your browser respects HSTS headers for your domain, but Let's Encrypt bot would ignore it. Check with wget/curl

Alexey Ten about 7 years
location without try_files just sends file from root directory.

Olle Kelderman about 7 years
Weird, I have the exact same situation and I don't use try_files and it works perfectly fine for me. In fact I have the exact same config as stated in the question. Only difference is location /.well-known/ instead of location /.well-known (note the trailing slash). So maybe that's where the problem is?