Share

Question

server {
        listen 80;
        listen [::]:80;
        server_name www.domain.com *.domain.com;

        return 301 http://domain.com;
}

server {
        listen 80;
        listen [::]:80;

        root /var/www/domain.com/html;

        index index.html index.htm index.nginx-debian.html;

        server_name domain.com;

        location / {
                try_files $uri $uri/ =404;
        }
}

The tutorial says to add to the SSL Server Block

        location ~ /.well-known {
                allow all;
        }

so i updated mine to be:

server {
        listen 80;
        listen [::]:80;
        server_name www.domain.com *.domain.com;

        return 301 http://domain.com;
}

server {
        listen 80;
        listen [::]:80;

        root /var/www/domain.com/html;

        index index.html index.htm index.nginx-debian.html;

        server_name domain.com;

        location ~ /.well-known {
                allow all;
        }

        location / {
                try_files $uri $uri/ =404;
        }
}

I was just wondering if this is the proper way to do it or if there is a better way to do it?

Answer 1

jtittle1 May 18, 2017

@ariziragoran

If you’re using the web root option, that’s the method you’ll need to use.

The other option would be to use the certonly option, though you’d need to stop NGINX, run the certificate command, and then start NGINX since the Let’s Encrypt (now CertBot) application needs to access ports 80 and 443.

Reply Report

Related

Question

NGINX LetsEncrypt Cert location tag question

Leave a comment

Looking for something else?

Share

Share your Question

Related

Question

NGINX LetsEncrypt Cert location tag question

Leave a comment

Related

question

letsencrypt invalid SSL Cert

question

Letsencrypt on Ubuntu 16.04/Nginx

question

Why my site which uses "Let's Encrypt" is marked as "not safe" by Chrome?

question

Secure with Let's Encrypt using Server Blocks

Looking for something else?

Almost there!