General question about basic auth and certificate renewal #2443
Replies: 1 comment 1 reply
-
|
Hi. Short answer is you don't need to worry about it, auth should not prevent the ACME challenge from completing. This is handled by the companion + proxy setup, which automatically disable auth for the ACME challenge location like this: location ^~ /.well-known/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}Currently we have a bit of a redundant config issue (as remarked in nginx-proxy/acme-companion#1091) because this location configuration is already in the proxy template, but acme-companion is also dynamically inserting it. There is ongoing work to deduplicate this and remove the need for acme-companion to fiddle with the config (#2446 for instance). |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for your answer. |
Beta Was this translation helpful? Give feedback.
-
Hi there,
this isn't a request for help, as for now everything's working fine, but I was wondering about this concept :
(I'm not a total newb, let's say intermediate, I'm learning one step at a time, but came up with a pretty advanced configuration)
On a couple of new self-hosted apps I just set up (and which now got their Let's Encrypt certs), I'd like to enable http(s) basic auth.
I got this set up, it's working fine.
My question is : when the time comes to auto-renew these two certificate, will it work without issues ?
I mean : if Let's Encrypt (acme) tries to reach the subdomains, won,'t be somehow blocked at the http(s) auth step ?
Upon cert initial creation, I could see the acme requests in nginx logs, to the path that the companion+proxy are building.
But this won't work anymore through basic auth, will it ?
Or does the renewal process not need to run the same check against the domain ?
(sorry, I couldn't find any relevant info anywhere)
Thanks a lot.
Beta Was this translation helpful? Give feedback.
All reactions