Dirk's Tech Findings

nginx: Forwarding to https except ".well-known" for certbot

Publication date: 2023-04-15

Issue: "certbot" fails when forwarding to https is configured in nginx

When using nginx to serve web pages via https (tcp/443), it makes sense to forward any request arriving via http (tcp/80) to https. This worked fine. However, "certbot" failed because the data in the folder ".well-known" was inaccessible.

Solution: Create an exception for ".well-known"

Looking for a suitable configuration on the web, I merged multiple configuration snippets into the following. One requirement was to have an IPv6-compatible configuration.

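server {
    # One dual-stack socket: [::]:80 with ipv6only=off also accepts IPv4 connections.
    listen [::]:80 ipv6only=off;
    server_name _;

    root /var/www/webroot;

    # Exception: serve the certbot challenge files directly over http.
    location /.well-known {
        try_files $uri $uri/ =404;
    }

    # Everything else is redirected to https.
    location / {
        return 301 https://$host$request_uri;
    }
}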

This works for me.
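
A check for the configuration above, added here as an example and not part of the original post: it requests a probe file below ".well-known" over plain http and confirms that any other path is still answered with a 301 to https. The probe file name and content, the script name and the site name given on the command line are assumptions; the probe file has to be created in the webroot first.

```python
import http.client
import sys

# Constructed probe: create this file below the webroot before running, e.g.
# /var/www/webroot/.well-known/acme-challenge/probe.txt containing "probe-ok\n".
PROBE_PATH = "/.well-known/acme-challenge/probe.txt"
PROBE_BODY = b"probe-ok\n"


def fetch(address, port, path, site_name):
    """Send one plain-HTTP GET and return (status, Location, body); redirects are not followed."""
    conn = http.client.HTTPConnection(address, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": site_name})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.read()
    finally:
        conn.close()


def check_exception(address, port, site_name):
    """Return a list of problems; an empty list means both location blocks behave as intended."""
    problems = []

    # 1. The challenge directory must be served directly over http (what certbot needs).
    status, location, body = fetch(address, port, PROBE_PATH, site_name)
    if status != 200 or body != PROBE_BODY:
        problems.append(f"{PROBE_PATH}: expected 200 and the probe body, got {status} (Location: {location})")

    # 2. Everything else must still be redirected to https, keeping host, path and query.
    other = "/index.html?x=1"
    status, location, _ = fetch(address, port, other, site_name)
    if status != 301 or location != f"https://{site_name}{other}":
        problems.append(f"{other}: expected 301 to https://{site_name}{other}, got {status} (Location: {location})")
    return problems


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_wellknown.py <server-address> <site-name>")
    issues = check_exception(sys.argv[1], 80, sys.argv[2])
    print("\n".join(issues) if issues else "OK: .well-known is served over http, everything else redirects")
```

A server that redirects every request, which is the state described under "Issue", is reported with one problem line for the probe path.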

Hint towards the solution

Search engine results and some already present configuration were merged.
