2

I already found some Q&As here regarding this topic, but none helped me solve the problem. I installed a Debian 8 server just today and every request to my domain is redirected to HTTPS. Now I was playing around to create a new SSL certificate for a subdomain, which was failing because certbot was accessing the .well-known directory over HTTP. As this request was redirected to HTTPS, it wasn't working. My idea was to exclude this hidden directory from redirects.

For testing, I put a simple text file into the .well-known/acme-challenge/ directory. Every time I make a request to this file, I'm still redirected. Here is my current nginx config:

server {
    listen 80 default_server;
    #listen [::]:80 default_server;
    server_name test.de www.test.de;

    root /var/www/html;

    location /.well-known/acme-challenge {
        root /var/www/html;
        allow all;
    }
    location / {
        return 301 https://test.de$request_uri;
    }
}

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    include snippets/ssl-test.de.conf;
    include snippets/ssl-params.conf;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

#    location ~ /.well-known {
#        allow all;
#    }
}

Does anyone have any ideas?

StephanM
  • 123

1 Answer

9

When I did a similar thing, I needed to add the following:

location /.well-known {
    root /var/www/html;
    allow all;
    try_files $uri =404;
}

location / {
    return 301 https://example.com$uri;
}

Without the try_files, nginx has no information on what to do (there is no default for try_files).

Also, when testing it, you need to use curl or wget, which don't care about the HSTS setting for the site.

Tero Kilkanen
  • 38,887
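An added example (not part of the original question or answer) of the curl-based test mentioned above: it requests a challenge file over plain HTTP without following redirects and reports whether the file was served or the request was redirected. The function names `classify_response` and `probe_challenge` are hypothetical, and the host and file name are supplied by the caller.

```shell
#!/bin/sh
# Added example: check how a server answers a plain-HTTP request for an
# ACME HTTP-01 challenge file. curl does not apply HSTS unless explicitly
# configured to, so the result reflects the nginx config, not browser state.

# classify_response STATUS REDIRECT_URL
# Prints one of: served, redirected-to-https, redirected, missing, error
classify_response() {
    status=$1
    redirect=$2
    case "$status" in
        200) echo "served" ;;
        301|302|303|307|308)
            case "$redirect" in
                https://*) echo "redirected-to-https" ;;
                *)         echo "redirected" ;;
            esac ;;
        404) echo "missing" ;;
        *)   echo "error" ;;
    esac
}

# probe_challenge HOST FILE
# Fetches http://HOST/.well-known/acme-challenge/FILE without following redirects.
probe_challenge() {
    url="http://$1/.well-known/acme-challenge/$2"
    # -w prints the status code and the URL a redirect would lead to;
    # on a connection failure curl reports status 000.
    out=$(curl -s -o /dev/null --max-time 10 \
        -w '%{http_code} %{redirect_url}' "$url") || out="000 "
    classify_response "${out%% *}" "${out#* }"
}

# Run a live probe only when called as: script HOST FILE
if [ "$#" -eq 2 ]; then
    probe_challenge "$1" "$2"
fi
```

A result of `served` means the port-80 exception for the challenge directory is working; `redirected-to-https` means the request still reaches the redirect location.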