I am trying to set up my nginx and Django to be able to renew certificates. However, something goes wrong with my webroot plugin.

In nginx:

location ~ /.well-known {
    allow all;
}

But when I run the renewal command:

./letsencrypt-auto certonly -a webroot --agree-tos --renew-by-default --webroot-path=/home/sult/huppels -d huppels.nl -d www.huppels.nl

However, it seems that the cert renewal wants to retrieve a file from my server, because I get the following error.

The following errors were reported by the server:

Failed authorization procedure. www.huppels.nl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.huppels.nl/.well-known/acme-challenge/some_long_hash [51.254.101.239]: 400

How do I make this possible with nginx or Django?

1 Answer

I have my Django app running with gunicorn. I followed the instructions here.

I made sure to include the proper location blocks:

location /static  {
    alias /home/user/webapp;
}

location / {
    proxy_pass http://127.0.0.1:8000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Making sure to include any template location alias as well.

I set the .well-known location block like this:

location /.well-known {
    alias /home/user/webapp/.well-known;
}

Pointing it directly to the root of the webapp instead of using the allow all.

I did have to make sure that I only used the non-SSL block until the certificate was generated; then I used a different nginx config based on h5bp's nginx configs.

Note: Make sure you have proper A records for your domain pointing to www if you are going to use h5bp to redirect to www.
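
A way to confirm, before running the renewal, that nginx serves files from the directory the webroot plugin writes to. This is an added example, not part of the answer above; the function name `probe_webroot` and its arguments are assumptions for illustration, and the webroot path and site URL are supplied by the caller.

```python
import os
import secrets
import urllib.error
import urllib.request

# The webroot plugin writes http-01 files under <webroot-path>/.well-known/acme-challenge/
CHALLENGE_DIR = ".well-known/acme-challenge"


def probe_webroot(webroot, base_url, timeout=5):
    """Write a throwaway file where a challenge would go, fetch it over HTTP,
    and return (ok, detail). The probe file is removed afterwards."""
    token = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)  # the plugin creates these directories too
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(body)
    url = "%s/%s/%s" % (base_url.rstrip("/"), CHALLENGE_DIR, token)
    # Ignore proxy environment variables so the request goes straight to the server.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
        if served == body:
            return True, "served correctly: %s" % url
        # A 200 with other content usually means the request reached the app, not the file.
        return False, "200 but body differs for %s" % url
    except urllib.error.HTTPError as exc:
        # 400/403/404 here means the location block does not map to this webroot.
        return False, "HTTP %d for %s" % (exc.code, url)
    except OSError as exc:  # URLError, timeouts, connection refused
        return False, "request failed: %s" % exc
    finally:
        os.remove(path)


if __name__ == "__main__":
    import sys
    # Usage: python probe.py <webroot-path> <base-url>
    ok, detail = probe_webroot(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

Run it with the same directory passed to `--webroot-path` and the plain-HTTP URL of each domain given with `-d`; a failure here reproduces the validation error without spending a request against the CA.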

2 Comments

What a great answer. Thanks so much, this is the only way to set up Django.
Exactly what I was looking for - Thx
