--- /dev/null
+#############################################################################
+# Configuration file for Let's Encrypt ACME Challenge location
+#############################################################################
+#
+# This config enables to access /.well-known/acme-challenge/xxxxxxxxxxx
+# on all a Web site (HTTP), including all subdomains.
+# This is required by ACME Challenge (webroot authentication).
+# You can check that this location is working by placing ping.txt here:
+# /var/www/letsencrypt/.well-known/acme-challenge/ping.txt
+# And pointing your browser to:
+# http://xxx.domain.tld/.well-known/acme-challenge/ping.txt
+#
+# Sources:
+# https://community.letsencrypt.org/t/howto-easy-cert-generation-and-renewal-with-nginx/3491
+#
+#############################################################################
+
+# Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx)
+# We use ^~ here, so that we don't check other regexes (for speed-up). We actually MUST cancel
+# other regex checks, because in our other config files have regex rule that denies access to files with dotted names.
+location ^~ /.well-known/acme-challenge/ {
+
+ # Set correct content type. According to this:
+ # https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29
+ # Current specification requires "text/plain" or no content header at all.
+ # It seems that "text/plain" is a safe option.
+ default_type "text/plain";
+
+ # This directory must be the same as in /etc/letsencrypt/cli.ini
+ # as "webroot-path" parameter. Also don't forget to set "authenticator" parameter
+ # there to "webroot".
+ # Do NOT use alias, use root! Target directory is located here:
+ # /var/www/common/letsencrypt/.well-known/acme-challenge/
+ root /var/www/letsencrypt;
+ }
+
+# Hide /acme-challenge subdirectory and return 404 on all requests.
+# It is somewhat more secure than letting Nginx return 403.
+# Ending slash is important!
+location = /.well-known/acme-challenge/ {
+ return 404;
+ }
define(`NAME',`changedechaine.org')dnl
server {
listen 80;
+ include /etc/nginx/conf.d/letsencrypt.conf;
include /etc/nginx/SITE/common.conf;
access_log /home/www/log/SITE/access.log main;
error_log /home/www/log/SITE/error.log warn;
define(`NAME',`cyclofficinedangouleme.org')dnl
server {
listen 80;
+ include /etc/nginx/conf.d/letsencrypt.conf;
include /etc/nginx/SITE/common.conf;
access_log /home/www/log/SITE/access.log main;
error_log /home/www/log/SITE/error.log warn;
define(`SITE',`DOMAIN/burettes')dnl
server {
listen 80;
+ include /etc/nginx/conf.d/letsencrypt.conf;
include /etc/nginx/org/heureux-cyclage/burettes/name.conf;
- return 301 https://$host$request_uri;
+ location / {
+ return 301 https://$host$request_uri;
+ }
}
server {
listen 443;
define(`SITE',`DOMAIN/clavette-grenoble')dnl
server {
listen 80;
+ include /etc/nginx/conf.d/letsencrypt.conf;
include /etc/nginx/SITE/common.conf;
access_log /home/www/log/SITE/access.log main;
error_log /home/www/log/SITE/error.log warn;
define(`SITE',`DOMAIN/clavette-lyon')dnl
server {
listen 80;
+ include /etc/nginx/conf.d/letsencrypt.conf;
include /etc/nginx/SITE/common.conf;
access_log /home/www/log/SITE/access.log main;
error_log /home/www/log/SITE/error.log warn;
--- /dev/null
+# This is an example of the kind of things you can do in a configuration file.
+# All flags used by the client can be configured here. Run Let's Encrypt with
+# "--help" to learn more about the available options.
+
+# Use a 4096 bit RSA key instead of 2048
+rsa-key-size = 4096
+
+# Uncomment and update to register with the specified e-mail address
+email = admin+letsencrypt@heureux-cyclage.org
+
+# Uncomment and update to generate certificates for the specified
+# domains.
+domains = heureux-cyclage.org, agendav.heureux-cyclage.org, ateliers.heureux-cyclage.org, autoconfig.heureux-cyclage.org, bicloud.heureux-cyclage.org, burette.heureux-cyclage.org, burette.atelier-etincelle.heureux-cyclage.org, burette.autourducycle.heureux-cyclage.org, burette.bretzselle.heureux-cyclage.org, burette.changedechaine.heureux-cyclage.org, burette.convibicy.heureux-cyclage.org, burette.cyclamaine.heureux-cyclage.org, burette.cyclesetmanivelles.heureux-cyclage.org, burette.cyclocoop.heureux-cyclage.org, burette.cyclofficineangouleme.heureux-cyclage.org, burette.dynamo.heureux-cyclage.org, burette.etudesetchantiersidf.heureux-cyclage.org, burette.eturecup.heureux-cyclage.org, burette.labecaneajules.heureux-cyclage.org, burette.lapetiterennes.heureux-cyclage.org, burette.laptiterustine.heureux-cyclage.org, burette.larouelibre.heureux-cyclage.org, burette.lechatperche.heureux-cyclage.org, burette.mig.heureux-cyclage.org, burette.mobilidees.heureux-cyclage.org, burette.ocivelo.heureux-cyclage.org, burette.ohcyclo.heureux-cyclage.org, burette.ptitvelo.heureux-cyclage.org, burette.recupr.heureux-cyclage.org, burette.repeyre.heureux-cyclage.org, burette.rouepet.heureux-cyclage.org, burette.tousdeuxroues.heureux-cyclage.org, burette.txirrindola.heureux-cyclage.org, burette.velorutiontoulouse.heureux-cyclage.org, burette.velosenville.heureux-cyclage.org, burettes.heureux-cyclage.org, caldavzap.heureux-cyclage.org, cartes.heureux-cyclage.org, changedechaine.heureux-cyclage.org, clavette-grenoble.heureux-cyclage.org, clavette-lyon.heureux-cyclage.org, cyclocamp.heureux-cyclage.org, cyclocoop.heureux-cyclage.org, cyclofficinedangouleme.heureux-cyclage.org, davical.heureux-cyclage.org, demo.burette.heureux-cyclage.org, fanout.heureux-cyclage.org, formations.heureux-cyclage.org, git.heureux-cyclage.org, imap.heureux-cyclage.org, lesjantesdunord.heureux-cyclage.org, mail.heureux-cyclage.org, mx.heureux-cyclage.org, notifications.heureux-cyclage.org, ns.heureux-cyclage.org, pop.heureux-cyclage.org, ptitvelo.heureux-cyclage.org, questionnaires.heureux-cyclage.org, ra.heureux-cyclage.org, remorque.heureux-cyclage.org, rencontres.heureux-cyclage.org, rouepet.heureux-cyclage.org, roundcube.heureux-cyclage.org, shell.heureux-cyclage.org, smtp.heureux-cyclage.org, stats.heureux-cyclage.org, submission.heureux-cyclage.org, sympa.heureux-cyclage.org, sympa.cyclocoop.heureux-cyclage.org, sympa.lesjantesdunord.heureux-cyclage.org, sympa.ptitvelo.heureux-cyclage.org, velocampus.heureux-cyclage.org, velosenville.heureux-cyclage.org, www.heureux-cyclage.org
+# burette.velocampus_nantes.heureux-cyclage.org
+
+# Uncomment to use a text interface instead of ncurses
+# text = True
+
+# Uncomment to use the standalone authenticator on port 443
+# authenticator = standalone
+# standalone-supported-challenges = tls-sni-01
+
+# Uncomment to use the webroot authenticator. Replace webroot-path with the
+# path to the public_html / webroot folder being served by your web server.
+authenticator = webroot
+webroot-path = /var/www/letsencrypt/
server {
listen 80;
+ include /etc/nginx/conf.d/letsencrypt.conf;
include /etc/nginx/SITE/common.conf;
access_log /home/www/log/SITE/access.log main;
error_log /home/www/log/SITE/error.log warn;
define(`SITE',`DOMAIN/www')dnl
server {
listen 80;
+ include /etc/nginx/conf.d/letsencrypt.conf;
include /etc/nginx/SITE/common.conf;
access_log /home/www/log/SITE/access.log main;
error_log /home/www/log/SITE/error.log warn;
define(`NAME',`lesjantesdunord.org')dnl
server {
listen 80;
+ include /etc/nginx/conf.d/letsencrypt.conf;
include /etc/nginx/SITE/common.conf;
access_log /home/www/log/SITE/access.log main;
error_log /home/www/log/SITE/error.log warn;