Let's Encrypt Proxy

When you're proxying a back-end server that makes Let's Encrypt challenges for its own purposes, you need a webroot to handle those requests.

vi /etc/nginx/conf.d/some.server.org.conf


#
# Redirect requests for the site that are unencrypted, except for let's encrypt challenges
#
server {
        listen 80;
        server_name some.your.org;

        location / {
                return 301 https://$host$request_uri;
        }

        # Allow access to the ACME Challenge for Let's Encrypt
        location ^~ /.well-known/acme-challenge {
                allow all;
                root /var/www/some.your.org/htdocs;
        }
}
server {
        listen 443 ssl;
...
...
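
A probe for the port-80 exception above, as an added example that is not part of the original page: it writes a throwaway file where nginx's `root` directive will look for it (the webroot plus the full request URI), fetches it over plain HTTP without following redirects, and confirms that any other path still gets the 301. The function names and the command-line usage are assumptions of this example.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

ACME_PREFIX = "/.well-known/acme-challenge/"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 301 instead of following it


def http_fetch(url):
    """Return (status, Location header, body) without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status, resp.headers.get("Location"), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), err.read()


def check_acme_passthrough(host, webroot, fetch=http_fetch):
    """Drop a probe file under the webroot, then fetch it and a normal path."""
    # With `root`, nginx appends the full URI to the webroot path.
    challenge_dir = os.path.join(webroot, ACME_PREFIX.strip("/"))
    os.makedirs(challenge_dir, exist_ok=True)
    token = "probe-" + secrets.token_hex(8)
    body = secrets.token_hex(16).encode()
    probe = os.path.join(challenge_dir, token)
    with open(probe, "wb") as fh:
        fh.write(body)
    try:
        status, _, got = fetch(f"http://{host}{ACME_PREFIX}{token}")
        r_status, location, _ = fetch(f"http://{host}/")
    finally:
        os.remove(probe)  # never leave the probe file behind
    return {
        "challenge_served": status == 200 and got == body,
        "other_redirected": r_status == 301 and (location or "").startswith("https://"),
    }


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage (assumed): probe.py HOST WEBROOT, run on the proxy
        print(check_acme_passthrough(sys.argv[1], sys.argv[2]))
```

Run it on the proxy host with the `server_name` and `root` values from the configuration; both results should be `True`.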

Last modified April 14, 2026: Old site imports (677647f)