This is a quick tutorial on setting up NGINX with Certbot when you’re using HTTP Basic Authentication.
HBA is what you see if you set parameters like this in a location:
    auth_basic "some arbitrary name";
    auth_basic_user_file /etc/nginx/path/to/my/password/file;
If you do this, your browser will prompt for a user name and password when you visit the site.
You can use htpasswd (an Apache tool – it’s in apache2-tools on Debian) to create the password file.
HTTP Basic Auth is a very convenient way to lock off a site while you’re working on it (or if you intend it to be forever private). Many web apps have login/authentication features and if you are managing a user base, obviously you need to use a system built for that. But for quick “me only” curtaining off a site or if you’re locking off a site where you don’t feel like investing the time and effort into authentication, it’s excellent.
However, there’s a hitch: Certbot renewals.
Certbot won’t know your HTTP Basic Auth user name and password, so when it comes to do its renewal (or the initial certificate provisioning), it fails. You could disable HBA, do the provision or renewal, and then reenable it, or you could look at a different type of challenge such as DNS. However, I’ll share a quick set-it-and-forget-it. It looks like this in your site’s NGINX config file:
    location /.well-known {
        autoindex on;
        root /your/web/root/for/this/site;
        auth_basic off;
    }
What this does is tell NGINX that the directory .well-known (which is where Certbot does its challenges) is not to be protected by HTTP Basic Authentication. Every other place will be, but that one directory won’t, and Certbot will work just fine.
I like this method because it allows me to script the complete web setup: create the NGINX config file/links/users files, recycle NGINX, run certbot, and the site is then ready to go all in a single script.
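The single-script setup described above could look like this; it is an added example, not the author's script, and it narrows the exemption to /.well-known/acme-challenge/ (the only path the HTTP-01 challenge uses) and leaves autoindex off. The domain, user name, file paths, the Debian-style sites-available/sites-enabled layout and the use of Certbot's webroot mode are assumptions.

```bash
#!/usr/bin/env bash
# Added example: Basic Auth on the whole site except the ACME HTTP-01
# challenge path. Domain, user and all paths are assumed placeholders.

# Write the site config. Args: domain, web root, password file, output path.
write_site_conf() {
  local domain="$1" webroot="$2" pwfile="$3" out="$4"
  cat > "$out" <<EOF
server {
    listen 80;
    server_name $domain;
    root $webroot;

    # Basic Auth covers the whole site...
    auth_basic "restricted";
    auth_basic_user_file $pwfile;

    # ...except the ACME HTTP-01 challenge directory. Scoped to
    # acme-challenge only; autoindex is left at its default (off).
    location ^~ /.well-known/acme-challenge/ {
        auth_basic off;
        default_type text/plain;
    }
}
EOF
}

# Return 0 only if the config exempts the challenge path and nothing broader.
check_exemption() {
  local conf="$1"
  grep -q 'location \^~ /\.well-known/acme-challenge/ {' "$conf" &&
    [ "$(grep -c 'auth_basic off;' "$conf")" -eq 1 ] &&
    ! grep -q 'autoindex on;' "$conf"
}

# Full run as root, e.g.: provision_site example.test admin  (domain, user)
provision_site() {
  local domain="$1" user="$2"
  local webroot="/var/www/$domain" pwfile="/etc/nginx/htpasswd-$domain"
  local conf="/etc/nginx/sites-available/$domain"
  mkdir -p "$webroot"
  htpasswd -c "$pwfile" "$user" || return 1   # prompts for the password
  write_site_conf "$domain" "$webroot" "$pwfile" "$conf"
  check_exemption "$conf" || return 1
  ln -sf "$conf" "/etc/nginx/sites-enabled/$domain"
  nginx -t && systemctl reload nginx || return 1
  certbot certonly --webroot -w "$webroot" -d "$domain"
}
```

After the first certificate is issued, requesting any other URL on the site without credentials should still return 401; only the challenge directory answers unauthenticated.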
Enjoy!