This is a quick tutorial on setting up NGINX with Certbot when you’re using HTTP Basic Authentication.
HBA is what you see if you set parameters like this in a location:
    auth_basic "some arbitrary name";
    auth_basic_user_file /etc/nginx/path/to/my/password/file;
If you do this, the browser shows a username and password prompt when you visit the site.
You can use htpasswd (an Apache tool – it’s in apache2-tools on Debian) to create the password file.
HTTP Basic Auth is a very convenient way to lock off a site while you’re working on it (or if you intend it to be forever private). Many web apps have login/authentication features and if you are managing a user base, obviously you need to use a system built for that. But for quick “me only” curtaining off a site or if you’re locking off a site where you don’t feel like investing the time and effort into authentication, it’s excellent.
However, there’s a hitch: Certbot renewals.
Certbot won’t know your HTTP Basic Auth user name and password, so when it comes to do its renewal (or the initial certificate provisioning), it fails. You could disable HBA, do the provision or renewal, and then reenable it, or you could look at a different type of challenge such as DNS. However, I’ll share a quick set-it-and-forget-it fix. It looks like this in your site’s NGINX config file:
    location /.well-known {
        autoindex on;
        root /your/web/root/for/this/site;
        auth_basic off;
    }
What this does is tell NGINX that the directory .well-known (which is where Certbot does its challenges) is not to be protected by HTTP Basic Authentication. Every other place will be, but that one directory won’t, and Certbot will work just fine.
I like this method because it allows me to script the complete web setup: create the NGINX config file/links/users files, recycle NGINX, run certbot, and the site is then ready to go all in a single script.
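A single setup script of the kind described above, as an added example (not the author's own script). It assumes a Debian-style /etc/nginx/sites-available layout, placeholder domain, web root and user name, and Certbot's webroot authenticator with the nginx installer. It narrows the exemption to /.well-known/acme-challenge/, the only directory the HTTP-01 challenge needs, leaves directory listings off, and checks that everything else still answers 401 before requesting the certificate.

```sh
#!/bin/sh
# Added example. Domain, paths and user name are placeholders (assumptions).
set -eu

# Print a server block: Basic Auth everywhere except the ACME challenge path.
render_site_conf() {
  local domain="$1" webroot="$2" htpasswd_file="$3"
  cat <<EOF
server {
    listen 80;
    server_name ${domain};
    root ${webroot};

    auth_basic "restricted";
    auth_basic_user_file ${htpasswd_file};

    # Exempt only the HTTP-01 challenge directory, not all of /.well-known,
    # and do not enable directory listings there.
    location ^~ /.well-known/acme-challenge/ {
        auth_basic off;
        try_files \$uri =404;
    }
}
EOF
}

status_of() { curl -s -o /dev/null -w '%{http_code}' "$1" || true; }
# Check the result: / must answer 401, the challenge path must not ask for auth.
verify_site() {
  [ "$(status_of "http://$1/")" = 401 ] ||
    { echo "/ is not protected" >&2; return 1; }
  [ "$(status_of "http://$1/.well-known/acme-challenge/probe")" = 404 ] ||
    { echo "challenge path is not reachable without auth" >&2; return 1; }
}

deploy() {
  local domain="$1" webroot="$2" user="$3"
  local htpasswd_file="/etc/nginx/htpasswd-${domain}"
  mkdir -p "${webroot}/.well-known/acme-challenge"
  htpasswd -c "$htpasswd_file" "$user"   # prompts for the password
  render_site_conf "$domain" "$webroot" "$htpasswd_file" > "/etc/nginx/sites-available/${domain}"
  ln -sf "/etc/nginx/sites-available/${domain}" "/etc/nginx/sites-enabled/${domain}"
  nginx -t
  systemctl reload nginx
  verify_site "$domain"
  certbot run -a webroot -i nginx -w "$webroot" -d "$domain"
}

# Usage: sh setup-site.sh example.com /var/www/example admin
if [ "$#" -eq 3 ]; then deploy "$@"; fi
```

The probe URL in `verify_site` does not exist on disk, so a 404 there means the request got past authentication, while a 401 would mean the exemption is not in effect.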
Enjoy!