On Tue, Apr 16, 2024 at 01:54:31AM +0200, Mike Fischer wrote:
>The location { … } block in the port 80 server is non-functional because all
>requests are redirected to HTTPS. Add a `pass` to make it functional. Note: If
>you do then you don’t need the corresponding location { … } block in the port
>443 server any more.
>
>Also, instead of:
>> block return 301 "https://www-server.example.com$REQUEST_URI"
>you could write:
> block return 301 "https://$HTTP_HOST$REQUEST_URI"
>
>server "www-server.example.com" {
>    listen on * port 80
>    location "/.well-known/acme-challenge/*" {
>        root "/acme"
>        request strip 2
>        pass
>    }
>    block return 301 "https://$HTTP_HOST$REQUEST_URI"
>}
>
>But those are just optimisations that don’t address your issue.
Thanks.
>To start debugging the issue put a small test file into your /var/www/acme
>directory and test access using e.g. curl:
>
># echo 'test'>/var/www/acme/test
>
>Preferably from a different host:
>$ curl --url 'http://www-server.example.com/.well-known/acme-challenge/test'
>
[..]
>
>These directories are irrelevant. You want to look at: /var/www/acme as your
>location { … } block reroutes /.well-known/acme-challenge to /acme (in the
>/var/www chroot(2) environment).
>
>/var/www/acme is there by default and it should have 755 root:daemon
>permissions.
All good now. I don't know what actually fixed it, but it's fixed!
Thanks again.
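
Added example, not part of the thread and not httpd(8)'s own code: shell functions that reproduce the mapping described above (request path, minus `request strip 2`, under root "/acme", inside the /var/www chroot) and check that the resulting file is readable by "other". The function names are hypothetical, and the check assumes the httpd worker is neither the owner nor in the group of /var/www/acme.

```sh
#!/bin/sh
# Added example: where does httpd look for a given request path?
# Defaults in diagnose() mirror the config quoted in the thread.

# httpd_fs_path CHROOT ROOT STRIP REQUEST_PATH -> prints the filesystem path
httpd_fs_path() {
    chroot_dir=$1 root=$2 strip=$3 path=$4
    path=${path%%\?*}                  # drop any query string
    i=0
    while [ "$i" -lt "$strip" ]; do
        path=${path#/}                 # drop the leading slash
        case $path in
            */*) path=/${path#*/} ;;   # remove one leading path component
            *)   path=/ ;;             # nothing left to strip
        esac
        i=$((i + 1))
    done
    printf '%s%s%s\n' "${chroot_dir%/}" "${root%/}" "$path"
}

# world_readable PATH -> 0 if "other" may read it (and search it, if a directory)
world_readable() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    [ -n "$perms" ] || return 1        # missing path
    case $perms in
        d??????r?[xt]) return 0 ;;     # directory: other needs r and x
        -??????r??)    return 0 ;;     # regular file: other needs r
        *)             return 1 ;;
    esac
}

# diagnose REQUEST_PATH: report the resolved file and whether it can be served
diagnose() {
    file=$(httpd_fs_path /var/www /acme 2 "$1")
    if world_readable "${file%/*}" && world_readable "$file"; then
        echo "ok: $file"
    else
        echo "check: $file (missing, or not readable by other)"
        return 1
    fi
}

# Usage on the server: sh thisfile /.well-known/acme-challenge/test
if [ "$#" -gt 0 ]; then diagnose "$1"; fi
```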