Follow the steps below to enable the ACME challenge:

  • mkdir .well-known under /var/www/example.com (the document root)
  • mkdir acme-challenge under .well-known
  • create the file test.txt under acme-challenge
  • go to /etc/nginx/sites-available/example.com and add the lines below
### ACME HTTP-01 challenge handling (requests such as /.well-known/acme-challenge/xxxxxxxxx)
        # Exact match on the bare directory URL: answer 404 so the directory itself is never served.
        # nginx checks "=" locations before prefix locations, so the order of these two blocks does not matter.
        location = /.well-known/acme-challenge/ {
                return 404;
        }

        # Challenge files are read from <root>/.well-known/acme-challenge/ and sent as plain text.
        # "^~" makes this prefix match final: regex locations elsewhere in the server block
        # (for example a rule denying dot-directories) are not consulted for challenge URLs.
        location ^~ /.well-known/acme-challenge/ {
                root /var/www/example.com/;
                default_type "text/plain";
        }

You can see the example below.

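server {
    # Document root; challenge files are read from <root>/.well-known/acme-challenge/.
    root /var/www/example.com;
    index index.html index.htm index.nginx-debian.html;
    server_name www.example.com example.com;

    # Every request not claimed by a more specific location is proxied to the local backend.
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://localhost:8081;
    }

    # TLS listeners and certificate paths. The "# managed by Certbot" markers are left unchanged.
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # NOTE(review): this block listens on 443 only. HTTP-01 validation starts on port 80,
    # so the port-80 server block (not shown here) must either serve these same locations
    # or redirect to this one; confirm before relying on renewal.

    ### Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx)
    # "^~" makes this prefix match final, so regex locations cannot override it and the
    # request is served from disk instead of being proxied by "location /".
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /var/www/example.com;
    }

    ### Hide the bare /.well-known/acme-challenge/ directory URL: exact match, always 404.
    # Only the directory URL itself is affected; files below it are handled by the rule above.
    location = /.well-known/acme-challenge/ {
        return 404;
    }
}
# The closing brace of the server block was missing from the listing; run "nginx -t" before reloading.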
