NGINX, Servers

Adding a Let’s Encrypt SSL to a redirection domain

David

Bristol WordPress expert and studio owner

We recently had to sort out an SSL issue on a site that had been set up purely to handle redirections, for example a global redirection from https://domainA.com to https://domainB.com during a company rebrand. The redirect itself is simple enough; the issue arises when Let’s Encrypt needs to re-validate the domain and issue a new certificate after X number of months.

To do this, Let’s Encrypt needs to be able to access https://domainA.com/.well-known/acme-challenge/, and because of the redirect it can’t.

The simplest way to handle this is via the web server config, in this case, NGINX. Adding a location block specifically for that folder path before the main redirect will sort this:

location /.well-known/acme-challenge/ {
    # Serve the challenge file from the document root; anything else is a 404
    try_files $uri =404;
}

In the context of a whole server block, it would look something like this:

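server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domainA.com;
    root /home/user/domainA.com;
    # ssl_certificate and ssl_certificate_key directives are omitted here

    # Exempt the ACME challenge path from the redirect so renewals can validate
    location /.well-known/acme-challenge/ {
        try_files $uri =404;
    }

    # Everything else is redirected to the new domain
    location / {
        return 301 https://domainB.com;
    }
}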

This allows Let’s Encrypt to access what it needs, validate the domain and then issue a new certificate.
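
To catch this before a renewal fails, the following added example (not part of the original post) scans NGINX config text for server blocks whose redirect also swallows the ACME challenge path. The names `blocks` and `audit` are hypothetical, the parser is a simplified brace matcher that ignores regex locations and braces inside quoted strings, and it goes slightly beyond the post by also flagging a server-level `return`, which NGINX runs before any location is matched.

```python
import re
ACME_PREFIX = "/.well-known/acme-challenge/"
REDIRECT = re.compile(r"\breturn\s+30[1278]\b")

def blocks(text, keyword):
    """Yield (args, body, (start, end)) for each `keyword args { ... }` block."""
    for m in re.finditer(r"(?<![\w$])%s\b([^{};]*)\{" % keyword, text):
        depth, i = 1, m.end()
        while i < len(text) and depth:  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1).strip(), text[m.end():i - 1], (m.start(), i)

def audit(conf):
    """Return (server_name, reason) for servers whose redirect swallows ACME challenges."""
    findings = []
    for _, server, _ in blocks(re.sub(r"#[^\n]*", "", conf), "server"):
        m = re.search(r"\bserver_name\s+([^;]+);", server)
        name = m.group(1).strip() if m else "(unnamed)"
        locs = list(blocks(server, "location"))
        outside, pos = "", 0  # server body with top-level location blocks cut out
        for _, _, (s, e) in locs:
            if s >= pos:  # skip locations nested inside one already cut
                outside, pos = outside + server[pos:s], e
        outside += server[pos:]
        catch_all = any(a == "/" and REDIRECT.search(b) for a, b, _ in locs)
        exempt = any(  # a non-redirecting prefix location that covers the ACME path
            a and a != "/" and a.split()[0] not in ("=", "~", "~*")
            and ACME_PREFIX.startswith(a.split()[-1]) and not REDIRECT.search(b)
            for a, b, _ in locs)
        if REDIRECT.search(outside):  # server-level return fires before location matching
            findings.append((name, "server-level redirect"))
        elif catch_all and not exempt:
            findings.append((name, "no location for " + ACME_PREFIX))
    return findings

# Constructed sample configs: the redirect-only vhost and the exempted one.
REDIRECT_ONLY = """
server {
    server_name domainA.com;
    location / { return 301 https://domainB.com; }
}"""
EXEMPTED = """
server {
    server_name domainA.com;
    root /home/user/domainA.com;
    location /.well-known/acme-challenge/ { try_files $uri =404; }
    location / { return 301 https://domainB.com; }
}"""
if __name__ == "__main__": print(audit(REDIRECT_ONLY), audit(EXEMPTED))
```

Run it over the output of `nginx -T` to audit every loaded server block at once.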