Nginx issues with Letsencrypt challenge


I think the nginx config has a flaw, denying access to the challenge files

Issue is the statement
location ~ ^/(?:.|autotest|occ|issue|indie|db_|console) {
deny all;

which denies access to all “dot files”, including .challenge

removing the . from the list enabled the challenge verification


for security reasons it is much better to allow access only to the location /.well-known/acme-challenge explicitly and not to allow accessing hidden files (starting with a dot) generally by removing the dot in the block you mentioned.

In the example configuration there is already an empty block prepared. Just add allow all; in brackets so it looks like this:

location ^~ /.well-known/acme-challenge { allow all; }

Attention: I changed added the prefix ^~ so that regular expressions are not checked and thus the location block with the dot does not apply.

Cheers, Bernie_O

Edit: I just noticed that the location block with the acme-challenge is in the https-section of the configuration. It needs to be in http-section since acme-challenges go in via http.

1 Like

That seems to do the triick, many thanks !