Let’s Encrypt: the HTTPS redirect problem [nginx]

Let’s Encrypt makes HTTP requests to a domain to check its ownership.

But if you already have HTTPS enabled and redirect all HTTP requests, like this:

if ($scheme = 'http') {
	rewrite ^ https://$server_name$request_uri? permanent;
}

then you run into a problem:

Sat Mar 5 16:31:07 CET 2016 Failed authorization procedure. blog.mameso.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.mameso.com/.well-known/acme-challenge/rmKLoxxxxD7h4rxxxxF2wHexxxxLWAPGaxxxxI [213.111.221.123]: 403

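So you need to exclude the HTTP requests to "/.well-known/acme-challenge/*":

# Answer ACME http-01 challenge requests over plain HTTP, without the redirect
location '/.well-known/acme-challenge' {
	break;
}
location '/' {
	# Everything else that arrives over HTTP is still redirected to HTTPS
	if ($scheme = 'http') {
		rewrite ^ https://$server_name$request_uri? permanent;
	}
	try_files $uri $uri/ /index.php?$args;
}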

The try_files line is there for WordPress's readable URIs.

That’s it – the next Let’s Encrypt SSL cert updates are running fine.
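
To confirm the exclusion before the next renewal, the check below (an added example, not part of the original post) requests the challenge path and / over plain HTTP without following redirects. The function names and the probe token are made up for illustration; a 404 for the made-up token counts as a pass, because it shows the request was answered on port 80 without a redirect or a 403.

```python
import http.client
from urllib.parse import urlsplit

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
REDIRECT_CODES = (301, 302, 303, 307, 308)


def fetch_no_redirect(host, path, port=80, timeout=5):
    """GET over plain HTTP without following redirects -> (status, Location)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def is_https_redirect(status, location):
    """True if the response sends the client to an https:// URL."""
    return status in REDIRECT_CODES and urlsplit(location or "").scheme == "https"


def check_vhost(host, port=80, token="constructed-probe-token"):
    """Return a list of problems; an empty list means the exclusion works."""
    problems = []
    # 1) The challenge path must be answered on port 80 itself. A 404 is fine
    #    for this made-up token; a redirect or a 403 is not.
    status, loc = fetch_no_redirect(host, CHALLENGE_PREFIX + token, port)
    if is_https_redirect(status, loc):
        problems.append(f"challenge path is redirected to {loc}")
    elif status == 403:
        problems.append("challenge path returns 403 (forbidden)")
    # 2) Every other HTTP request should still be sent to HTTPS.
    status, loc = fetch_no_redirect(host, "/", port)
    if not is_https_redirect(status, loc):
        problems.append(f"/ is served over plain HTTP (status {status})")
    return problems


if __name__ == "__main__":
    import sys
    found = check_vhost(sys.argv[1])  # pass the hostname as the only argument
    print("\n".join(found) or "OK")
    sys.exit(1 if found else 0)
```

Run it with the hostname as its only argument; it exits non-zero and prints each problem if the challenge path is still redirected or forbidden, or if the HTTPS redirect for everything else has been lost.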

Anyone with the same problem, or do you have a better solution? Leave a comment!
