Certbot renewal process code added

thecarlo · Jun 19, 2018 · 2f8e7b8 · 2f8e7b8
1 parent d88e9ec
commit 2f8e7b8
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 22 deletions.
diff --git a/src/letsencrypt/docker-compose.yml b/src/letsencrypt/docker-compose.yml
@@ -4,7 +4,7 @@ services:
 
   letsencrypt-nginx-container:
     container_name: 'letsencrypt-nginx-container'
-    image: nginx:latest
+    image: nginx:1.14.0
     ports:
       - "80:80"
     volumes:

diff --git a/src/production/docker-compose.yml b/src/production/docker-compose.yml
@@ -4,7 +4,7 @@ services:
 
   production-nginx-container:
     container_name: 'production-nginx-container'
-    image: nginx:latest
+    image: nginx:1.14.0
     ports:
       - "80:80"
       - "443:443"
@@ -14,6 +14,8 @@ services:
       - ./dh-param/dhparam-2048.pem:/etc/ssl/certs/dhparam-2048.pem
       - /docker-volumes/etc/letsencrypt/live/ohhaithere.com/fullchain.pem:/etc/letsencrypt/live/ohhaithere.com/fullchain.pem
       - /docker-volumes/etc/letsencrypt/live/ohhaithere.com/privkey.pem:/etc/letsencrypt/live/ohhaithere.com/privkey.pem
+      #for certbot challenges
+      - /docker-volumes/data/letsencrypt:/data/letsencrypt
     networks:
       - docker-network
 

diff --git a/src/production/production.conf b/src/production/production.conf
@@ -3,15 +3,15 @@ server {
     listen [::]:80;
     server_name ohhaithere.com www.ohhaithere.com;
 
-    location ^~ /.well-known/acme-challenge {
-        root   /usr/share/nginx/html;
-        default_type text/plain;
-        allow all;
-    }
-
     location / {
         rewrite ^ https://$host$request_uri? permanent;
     }
+
+    #for certbot challenges (renewal process)
+    location ~ /.well-known/acme-challenge {
+        allow all;
+        root /data/letsencrypt;
+    }
 }
 
 #https://ohhaithere.com
@@ -42,12 +42,6 @@ server {
     ssl_stapling_verify on;
     resolver 8.8.8.8;
 
-    location ^~ /.well-known/acme-challenge {
-        root   /usr/share/nginx/html;
-        default_type text/plain;
-        allow all;
-    }
-
     return 301 https://www.ohhaithere.com$request_uri;
 }
 
@@ -59,8 +53,6 @@ server {
 
     server_tokens off;
 
-    ssl on;
-
     ssl_buffer_size 8k;
     ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
 
@@ -79,12 +71,6 @@ server {
     ssl_certificate /etc/letsencrypt/live/ohhaithere.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/ohhaithere.com/privkey.pem;
 
-    location ^~ /.well-known/acme-challenge {
-        root   /usr/share/nginx/html;
-        default_type text/plain;
-        allow all;
-    }
-
     location / {
         #security headers
         add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";