by Devin Yang
(This article was automatically translated.)

Published - 2 years ago ( Updated - 2 years ago )

Let all requests that link to acme-challenge directory files be linked to a specific folder.

Apache
Represents all websites, if the folder opens /.well-known/acme-challenge/, it will open the directory I specified /home/nginx/acme- challenge/.well-known/acme-challenge/

Alias ​​/.well-known/acme-challenge/ "/home/nginx/acme -challenge/.well-known/acme-challenge/"

Nginx
Represents the web page connection /.well-known/acme-challenge/, The root directory of the website is /home/nginx/acme-challenge

location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /home/nginx/acme-challenge;
}

Some people may be curious about what to do with this, I will roughly explain my situation, super old host, no Docker can not install HAProxy or certbo, only apache and nginx.
But I need to automatically apply for and update the certificate on the host, so I let the host mount the folder on another host that can run the certbot program through NFS, and let the verification file generated by him be generated directly In the /home/nginx/acme-challenge/.well-known/acme-challenge/ directory on the old host,
the webpage can be successfully verified and the certificate can be obtained.

When there are a lot of vhosts, you can all eat the same folder, instead of creating a directory for each vhost website.

Tags: config ssl certbot

Devin Yang

Feel free to ask me, if you don't get it.:)

No Comment

Post your comment

Login is required to leave comments

Similar Stories


php openssl curl

Fix CA setting problem

Sometimes the ca file cannot be found due to PHP version update or environment change. fix is ​​easy

ssh,security,config

About SSH_USER_AUTH

After OpenSSH 7.6, you can add the ExposeAuhtInfo yes parameter in the sshd_config configuration file, restart sshd, and then log in, there will be an environment variable $SSH_USER_AUTH which can be written into a temporary file in tmp, which contains the login public key

ssl,haproxy,certbot

Perfect SSL certificate automatic update environment (HAProxy plus certbot)

HAProxy's reloading speed is very fast, and I don't feel that there is a restart. It is really convenient for all credentials to be handled by HAProxy. Host environment requirements, please confirm that you have the following two instructions (How to install Ubuntu? apt-get install -y haproxy cerbot, I guess, if not, please Google)