Hi
I think the nginx config has a flaw, denying access to the challenge files
Issue is the statement
location ~ ^/(?:.|autotest|occ|issue|indie|db_|console) {
deny all;
}
which denies access to all “dot files”, including .challenge
removing the . from the list enabled the challenge verification
Hi,
for security reasons it is much better to allow access only to the location /.well-known/acme-challenge explicitly and not to allow accessing hidden files (starting with a dot) generally by removing the dot in the block you mentioned.
In the example configuration there is already an empty block prepared. Just add allow all; in brackets so it looks like this:
location ^~ /.well-known/acme-challenge { allow all; }
Attention: I changed added the prefix ^~ so that regular expressions are not checked and thus the location block with the dot does not apply.
Cheers, Bernie_O
Edit: I just noticed that the location block with the acme-challenge is in the https-section of the configuration. It needs to be in http-section since acme-challenges go in via http.
That seems to do the triick, many thanks !