Last active
September 22, 2024 00:31
nginx config snippet to allow ACME validation for a TLS certificate
## Only permit acme-challenge requests that match the ACME spec,
## return 403 for everything else
## RFC 8555 specifies a base64url token (no "=")
## with at least 128 bits of entropy (i.e. 22 chars minimum)
## root matches the "webroot" directory used in the certbot configuration
location ~ "^/\.well-known/acme-challenge/([A-Za-z0-9_-]{22,})$" {
    default_type "text/plain";
    root /var/www/acme/;
}
## Any other path under acme-challenge/ is refused
location /.well-known/acme-challenge/ {
    return 403;
}
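As an added example (not part of the original gist), this Python sketch models which of the two location blocks handles a request, using the gist's token pattern with the leading dot escaped. The names `make_token`, `classify` and `run_samples` and all sample paths are constructed for illustration, and URIs are assumed to be already normalized the way nginx does before location matching.

```python
import base64
import re
import secrets

# Token pattern from the regex location (leading dot escaped).
ACME_TOKEN_LOCATION = re.compile(
    r"^/\.well-known/acme-challenge/([A-Za-z0-9_-]{22,})$"
)
ACME_PREFIX = "/.well-known/acme-challenge/"


def make_token(nbytes: int = 16) -> str:
    """Constructed sample token: base64url of random bytes, "=" padding stripped."""
    raw = secrets.token_bytes(nbytes)
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def classify(uri: str) -> str:
    """Model which block handles an already-normalized request URI.

    "serve" -> regex location: file is looked up under the webroot
    "403"   -> prefix location: any other path under acme-challenge/
    "other" -> neither block applies; the rest of the server config decides
    """
    # nginx prefers a matching regex location over a plain prefix match.
    if ACME_TOKEN_LOCATION.search(uri):
        return "serve"
    if uri.startswith(ACME_PREFIX):
        return "403"
    return "other"


def run_samples() -> dict:
    """Classify a set of constructed request paths (not real traffic)."""
    samples = {
        "16-byte token (22 chars)": ACME_PREFIX + make_token(16),
        "32-byte token (43 chars)": ACME_PREFIX + make_token(32),
        "too short (21 chars)": ACME_PREFIX + "A" * 21,
        "padded with '='": ACME_PREFIX + "A" * 22 + "=",
        "file extension": ACME_PREFIX + "A" * 22 + ".txt",
        "nested path": ACME_PREFIX + "sub/" + "A" * 22,
        "bare directory": ACME_PREFIX,
        "unrelated path": "/index.html",
    }
    return {label: classify(uri) for label, uri in samples.items()}


if __name__ == "__main__":
    for label, verdict in run_samples().items():
        print(f"{verdict:>5}  {label}")
```
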