Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Enable Let's Encrypt to transition http sites to https #565
The problem. When the LE role runs for an existing http site, the site already has an Nginx conf in
Proposed solution. This PR resolves the problem of competing server blocks by extending a strategy already in place. The already existing strategy is that when ssl is enabled, the http->https redirection section also loads the Acme Challenge location block so that LE cert renewals will pass challenge tests.
It seems relatively harmless to have the Acme Challenge location block there in the conf all the time. This PR adds the Acme Challenge location block to the non-ssl conf. As a result, when the LE role runs on an existing http site, it will use the site's existing conf (or create a new Acme Challenge conf if somehow there is no conf already). Either way, the Acme Challenge tests pass.
This creates a bit more crossover between the
The one context privileged to not have to deal with the extra Acme Challenges location block is what should be the most common: 1) ssl enabled and 2) no www redirect necessary.