Apache and Nginx's ACME authentication pass kill

by Devin Yang
(This article was automatically translated.)

Published - 2 years ago ( Updated - 2 years ago )

Let all requests that link to acme-challenge directory files be linked to a specific folder.

Apache
Represents all websites, if the folder opens /.well-known/acme-challenge/, it will open the directory I specified /home/nginx/acme- challenge/.well-known/acme-challenge/

Alias ​​/.well-known/acme-challenge/ "/home/nginx/acme -challenge/.well-known/acme-challenge/"

Nginx
Represents the web page connection /.well-known/acme-challenge/, The root directory of the website is /home/nginx/acme-challenge

location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /home/nginx/acme-challenge;
}

Some people may be curious about what to do with this, I will roughly explain my situation, super old host, no Docker can not install HAProxy or certbo, only apache and nginx.
But I need to automatically apply for and update the certificate on the host, so I let the host mount the folder on another host that can run the certbot program through NFS, and let the verification file generated by him be generated directly In the /home/nginx/acme-challenge/.well-known/acme-challenge/ directory on the old host,
the webpage can be successfully verified and the certificate can be obtained.

When there are a lot of vhosts, you can all eat the same folder, instead of creating a directory for each vhost website.

Tags: config ssl certbot

Devin Yang

Feel free to ask me, if you don't get it.:)

Follow

No Comment

Post your comment

Login is required to leave comments

Similar Stories


城堡
config

3C Tech Center moved to GCP

I can't stand Bulehost's slow speed, and I have pulled DNS back to be directly managed by networksolutions. Adjust the DNS setting TTL to two hours, maybe it will be converted to other places.. Here are a few things that I personally don't like about Bulehost. 1. The host should be in the United States, and the speed is too slow. Two, no http/2. 3. The time zone of mysql cannot be adjusted. So decided to move to Google Cloud Platform...

城堡
docker, goaccess, config

phpenv actual combat GoAccess is real website analysis (docker version)

Before I start, let me say that GoAccess can also generate static data as long as you have a log, because I think the real-time feeling is more dazzling, so this article will focus on the part of GoAccess real-time display. Although Google Analytics (GA) is very useful, it is also very good to try another GA. For example, you want to know which browsers website users use to visit the website.

城堡
linux,system,config

Fix the problem that CentOS6.x can no longer be updated

There may still be some old programs in some places, which can only run the old system. But you want to be able to execute and install some desired packages, you may try this method. Please note that if this system is important to you, please evaluate it yourself. It is recommended that you have a Docker environment and have a backup image before trying it.