Let's Encrypt SSL Using Webroot Authenticator
January 11, 2018
tls-sni challenge disabled
If you try to obtain an SSL certificate using
sudo certbot --nginx -d mydomain.com -d www.mydomain.com
you might bump into the following error because the tls-sni challenge has been disabled.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
NOTE: The above problem can be solved by upgrading Certbot to 0.21.1.
Alternatively, you can set up SSL for nginx using --authenticator webroot.
First, set up nginx to handle /.well-known/acme-challenge/* requests.
Multiple domains can share their acme-challenge in the same location, either in /usr/share/nginx/letsencrypt or /var/www/letsencrypt.
server {
    ...
    location /.well-known/acme-challenge/ {
        root /usr/share/nginx/letsencrypt;
    }
}
Restart nginx.
sudo service nginx restart
Execute certbot with --authenticator webroot.
sudo certbot --authenticator webroot --webroot-path /usr/share/nginx/letsencrypt -d www.mydomain.com
Note: the authenticator will create authentication files at /usr/share/nginx/letsencrypt/.well-known/acme-challenge/*, which are then retrieved from http://www.mydomain.com/.well-known/acme-challenge/* for authentication.
Note: /usr/share/nginx/letsencrypt/.well-known/acme-challenge/ is deleted automatically after authentication, whether it succeeds or fails.
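A pre-flight check to run after restarting nginx and before certbot, added here as an example and not part of the original post: it writes a random probe file into the webroot's acme-challenge directory and confirms nginx serves it back over plain HTTP. The helper name probe_webroot and the FETCH override are assumptions of this example, and curl is assumed to be installed.

```shell
#!/bin/sh
# Added example: pre-flight check for the webroot setup (not from the original post).
# Assumes curl is installed; FETCH may be overridden, e.g. for offline testing.
FETCH="${FETCH:-curl -fsS --max-time 10}"

# probe_webroot WEBROOT DOMAIN  (hypothetical helper name)
# Writes a random probe file under WEBROOT/.well-known/acme-challenge/,
# requests it over plain HTTP, and compares the response body with what was written.
# Returns 0 if nginx served the file, 1 if not, 2 if the file could not be written.
probe_webroot() {
    webroot=$1
    domain=$2
    dir="$webroot/.well-known/acme-challenge"
    name="probe-$$-$(date +%s)"
    token=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')

    made_dir=0
    if [ ! -d "$dir" ]; then
        mkdir -p "$dir" || return 2
        made_dir=1
    fi
    printf '%s' "$token" > "$dir/$name" || return 2

    status=0
    body=$($FETCH "http://$domain/.well-known/acme-challenge/$name" 2>/dev/null) || status=$?

    # Clean up: remove the probe, and the directory only if this run created it.
    rm -f "$dir/$name"
    if [ "$made_dir" -eq 1 ]; then
        rmdir "$dir" 2>/dev/null || true
    fi

    [ "$status" -eq 0 ] && [ "$body" = "$token" ]
}

# Usage: sudo sh probe.sh /usr/share/nginx/letsencrypt www.mydomain.com
if [ "$#" -eq 2 ]; then
    if probe_webroot "$1" "$2"; then
        echo "OK: http://$2/.well-known/acme-challenge/ is served from $1"
    else
        echo "FAIL: nginx did not serve the probe file from $1" >&2
        exit 1
    fi
fi
```

A failure here usually means the location block is missing from the server block that answers for that domain, or its root does not match the --webroot-path given to certbot.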