I have a NodeJS web service which is exposed with a reverse-proxy using Nginx. I am trying to renew an SSL certificate from certbot, and for renewal it looks at domain.com/.well-known for the ACME challenge. However, the way I have the node service configured is that the root path does not serve files; the root of the domain is caught and handled by my web service. My actual public webroot is at domain.com/public, so the ACME challenge is really at domain.com/public/.well-known

So there are two ways to fix this: I could figure out how to tell certbot to look at domain.com/public/.well-known instead of domain.com/.well-known, or figure out how to somehow "proxy" domain.com/public/.well-known to domain.com/.well-known.

Here is my config and failed attempt at redirecting it:
server {
    listen 80;
    listen 443 ssl;
    client_max_body_size 50M;
    ssl_certificate <path to cert>;
    ssl_certificate_key <path to key>;
    server_name domain.com;
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /.well-known {
        return 302 "http://{$host}/public{$request_uri}";
    }
}
certbot renew, sorry. – chrispytoes
/public route. I can't put it on the root path because requests to the root path are caught and handled by the nodejs app and rendered from handlebars templates. I only use the /public route for serving static js and css files. It's putting the challenge in the right place, it's just not looking for it in the right place when it does the verification. – chrispytoes
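
An added example, not part of the original post or its comments: one way to take the second option, letting Nginx answer the ACME challenge path from disk so those requests never reach the Node app. It assumes the directory the app exposes as /public is also certbot's webroot; that directory's filesystem path is not given on the page, so it appears as a placeholder.

```nginx
server {
    listen 80;
    listen 443 ssl;
    server_name domain.com;
    client_max_body_size 50M;
    ssl_certificate     <path to cert>;
    ssl_certificate_key <path to key>;

    # HTTP-01 validation requests /.well-known/acme-challenge/<token> on the
    # domain itself, so the file has to be reachable at that URL.
    # "^~" makes this prefix win without regex locations being consulted.
    # Only the challenge directory is exposed, not all of /.well-known.
    location ^~ /.well-known/acme-challenge/ {
        # Placeholder (assumption): filesystem directory served as /public,
        # the same directory certbot writes the challenge into.
        # nginx looks up: <root>/.well-known/acme-challenge/<token>
        root <path to public directory>;
        default_type text/plain;
        # A missing token is a 404 from nginx, never a fall-through to the app.
        try_files $uri =404;
    }

    # Everything else is still handled by the Node service, as before.
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
```

After reloading Nginx, `certbot renew --dry-run` exercises the challenge path against the staging environment without replacing the current certificate.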