Open up Let's Encrypt ACME challenge config (#165)

Since Let's Encrypt don't publish IP ranges that their ACME challenge service will be sourced from, we need to allow free access to this location specially to override any IP ACLs added by Advanced Custom Nginx Configuration. Due to the way Nginx config is applied, this only applies to the regex and below, keeping the IP ACLs working for the rest of the website.
the1ts authored and jc21 committed Jul 4, 2019
1 parent 43c7063 commit ddbfdf6f6e1682ede0fdab72afb7e85455d98569
Showing with 3 additions and 0 deletions.
  1. +3 −0 rootfs/etc/nginx/conf.d/include/letsencrypt-acme-challenge.conf
@@ -2,7 +2,10 @@
# We use ^~ here, so that we don't check other regexes (for speed-up). We actually MUST cancel
# other regex checks, because in our other config files have regex rule that denies access to files with dotted names.
location ^~ /.well-known/acme-challenge/ {
# Since this is for letsencrypt authentication of a domain and they do not give IP ranges of their infrastructure
# we need to open up access by turning off auth and IP ACL for this location.
auth_basic off;
allow all;

# Set correct content type. According to this:
# https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29
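
Review bot: The added `auth_basic off;` and `allow all;` lift both authentication and IP restrictions for everything under `location ^~ /.well-known/acme-challenge/`, so the part of this block not visible in the hunk has to guarantee that only challenge token files can be served from it; please confirm the root or alias used here points at a directory that holds nothing else. The new comment could also say that `allow all;` works by replacing the allow/deny rules inherited from the enclosing level, which means access controls expressed by other means (for example `auth_request` or a conditional `return 403`) are not switched off by this change. Minor: the commit message refers to "the regex", while `^~` is a prefix match that suppresses regex checks, as the existing comment above the location already states.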
