Apache and Nginx's ACME authentication pass kill

by Devin Yang
(This article was automatically translated.)

Published - 2 years ago ( Updated - 2 years ago )

Let all requests that link to acme-challenge directory files be linked to a specific folder.

Apache
Represents all websites, if the folder opens /.well-known/acme-challenge/, it will open the directory I specified /home/nginx/acme- challenge/.well-known/acme-challenge/

Alias /.well-known/acme-challenge/ "/home/nginx/acme -challenge/.well-known/acme-challenge/"

Nginx
Represents the web page connection /.well-known/acme-challenge/, The root directory of the website is /home/nginx/acme-challenge

location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /home/nginx/acme-challenge;
}

Some people may be curious about what to do with this, I will roughly explain my situation, super old host, no Docker can not install HAProxy or certbo, only apache and nginx.
But I need to automatically apply for and update the certificate on the host, so I let the host mount the folder on another host that can run the certbot program through NFS, and let the verification file generated by him be generated directly In the /home/nginx/acme-challenge/.well-known/acme-challenge/ directory on the old host,
the webpage can be successfully verified and the certificate can be obtained.

When there are a lot of vhosts, you can all eat the same folder, instead of creating a directory for each vhost website.

Tags: config ssl certbot

Devin Yang

Feel free to ask me, if you don't get it.:)

No Comment

Post your comment

Login is required to leave comments

security,config

Raspberry Pi fail2ban installation notes

My mainframe basically has remote logs set up, and all of them are sent to the log center on the Synology NAS. Among them, there is a Raspberry Pi that is used as a router, and there will be a bunch of sshd verification attempts to log in. Basically, I only allow public key verification, so I don’t want to use passwords to brute force it, but a bunch of logs of verification failures are really good. Hate.

certbot,docker,ftp

curlftpfs introduction and manual certificate application

Situation sharing, imagine that you have WebHosting, which only provides FTP connection, and then you want to apply for a certificate manually. In this article, I share how I use Docker to install curlftpfs, mount the FTP folder of the remote host, and then execute certbot in the container to apply for an SSL certificate. Leaving aside the certificate application, when I first discovered the curlftpfs command, I found it very interesting, especially if you are a MacOS user and do not have a satisfactory FTP software at hand. You love scrolling through the command line as much as I do, so maybe you should love this command too. 🤭

linux,system,config

Fix the problem that CentOS6.x can no longer be updated

There may still be some old programs in some places, which can only run the old system. But you want to be able to execute and install some desired packages, you may try this method. Please note that if this system is important to you, please evaluate it yourself. It is recommended that you have a Docker environment and have a backup image before trying it.