I want to get a certificate via letsencrypt.sh, so I have to provide a challenge over HTTP.

I already use NGINX to forward to SSL (served on a Node.js server). Now I still want to redirect everything to SSL, except the challenge.

Here is my config:

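```nginx
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html;
    server_name screen.example.com;

    # Empty block: requests under /.well-known are served as static files from root
    location /.well-known { }

    # Everything else is redirected to HTTPS
    location / {
        return 301 https://$server_name$request_uri;
    }
}
```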

Opening a challenge URL still redirects me to HTTPS.

How can I fix this?

Alex
  • Hmm, when I use an empty `return` I can't start nginx. `nginx -t` fails with: `nginx: [emerg] invalid number of arguments in "return" directive in /etc/nginx/...`. I'm using `nginx` 1.4.6. What version are you running? – mgalgs Nov 11 '16 at 03:31
  • @mgalgs you have to remove the empty return statement, look at the edited config snippet. – Alex Jan 27 '18 at 16:39

1 Answer

Oh my, the config seems to work. I just requested the wrong path.

The letsencrypt.sh default is `.acme-challenges`; I changed this to

`WELLKNOWN="/usr/share/nginx/html/.well-known/acme-challenge"` in `config.sh`.

Alex
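A preflight check for the mismatch described in this answer, as an added example that is not part of the original post: it maps the `WELLKNOWN` directory onto the nginx `root` and confirms the files end up under `/.well-known/acme-challenge/`, the path an http-01 validation requests. The function names are hypothetical; the paths are the ones from this thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Lexically normalize a path: collapse repeated slashes, drop a trailing slash.
normalize() {
    printf '%s' "$1" | sed -e 's#/\{2,\}#/#g' -e 's#\(.\)/$#\1#'
}

# Print the URL path at which nginx (root = $1, empty location block) would
# serve files written to directory $2. Returns 1 if $2 is outside the root.
url_path_for() {
    up_root=$(normalize "$1")
    up_dir=$(normalize "$2")
    case "$up_dir/" in
        "$up_root"/*) printf '%s\n' "${up_dir#"$up_root"}/" ;;
        *) return 1 ;;
    esac
}

# http-01 validation fetches /.well-known/acme-challenge/<token> over plain HTTP.
check_wellknown() {
    cw_path=$(url_path_for "$1" "$2") || {
        echo "WELLKNOWN is outside the nginx root"
        return 1
    }
    if [ "$cw_path" != "/.well-known/acme-challenge/" ]; then
        echo "served at $cw_path, validation requests /.well-known/acme-challenge/"
        return 1
    fi
    echo "ok"
}

# Live check against the running server: a probe file must return 200, not 301.
# $1 = host name, $2 = WELLKNOWN directory
probe_http() {
    ph_token="probe-$$"
    echo ok > "$2/$ph_token"
    ph_code=$(curl -s -o /dev/null -w '%{http_code}' \
        "http://$1/.well-known/acme-challenge/$ph_token")
    rm -f "$2/$ph_token"
    [ "$ph_code" = "200" ]
}

# Values from the question and answer above.
check_wellknown /usr/share/nginx/html \
    /usr/share/nginx/html/.well-known/acme-challenge
```

Run `probe_http screen.example.com "$WELLKNOWN"` on the server after reloading nginx; a non-zero exit status means the challenge path is still being redirected or is not found.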