-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTP->HTTPS 302 redirect missing #21
Comments
Actually I know why we have this problem, the nginx config was changed to allow HTTP for Let's Encrypt certification renewal. The certbot needs to access a plain HTTP location to verify the domain name. So the fix for that is to redirect everything to HTTPS except the specific URL used for certbot - so just a bit of nginx config magic. |
I think something like this should work? (untested)
|
@kees solution works, and it's what I used to use on my servers before switching to DNS-01. DNS-01 is a way simpler and better method to renew the certificates, as it doesn't need to accept http trafic at all. |
Thanks, using this now on staging based on @kees' solution:
We should get it merged in the Ansible config for all hosts and deployed on production in the next update. Thanks also @inakimalerba for the tip, we'll also take a look to see if we can simplify the cert renewal process. |
That's right, good catch. A simple way to reproduce the issue is with
curl
:This should return a 302 instead to redirect to the HTTPS URL. I believe most browsers already do that by themselves, by checking if there is a HTTPS URL available since I've never seen the issue on Firefox or Chromium.
I believe this needs to be fixed in https://github.com/kernelci/kernelci-frontend-config where the nginx config files are.
Originally posted by @gctucker in kernelci/kernelci-frontend#120 (comment)
The text was updated successfully, but these errors were encountered: