-
-
Notifications
You must be signed in to change notification settings - Fork 281
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fix] Stronger match for acme-challenge nginx location #428
Conversation
Hey, thank you very much for this ! That looks like an easy fix ! The tricky part though (or maybe not so tricky ?) would be to update existing files on people's setup. Recently I was thinking that in the short/mid-term, we should also maybe move this file to be handled as common snippet called directly in the |
If an application (for instance roundcube) installed at the root of a subdomain has the following nginx configuration: location ~ ^/(.+/|)\. { deny all; } acme-challenge matching location: location '/.well-known/acme-challenge' { default_type "text/plain"; alias /tmp/acme-challenge-public/; } will not be used. This fix prevents further matching by regular expressions. Co-authored-by: Tomo59 <thomas.gambier@gmail.com>
Hello and thank you for your answer ! I don't really know how to take the next steps (I only installed yunohost today and I am not a web developer). If I manage to find some spare time, I can try to dig into this but it is highly unlikely. Feel free to make any modification that you wish ! |
No problem, I'll try to have a look :) Thanks for the PR ! |
That PR looks good to me :) I have yet to test it but I think we can merge it without that much risks quite soon. Thanks for your contribution ❤️ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM and tested successfully with a previously failing certificate renewal with netdata 👍
Great, merging, thanks a lot for this pr ❤️ |
The problem
If an application (for instance roundcube) installed at the root of a
subdomain has the following nginx configuration:
acme-challenge matching location:
will not be used.
Solution
After acme-challenge match, prevent further matching by regular expressions.
PR Status
How to test
Create a subdomain.
Install roundcube on the subdomain.
Try to generate a lets encrypt certificate.
Validation