How to fix 403 error for ".well-known" directory in nginx

.well-known 403 forbidden error

If you ever tried installing a SSL certificate (either from Let's Encrypt acme tool or other SSL certificate issuer) on a Linux machine with nginx, you probably encountered a 403 error related to .well-known directory, within your website root folder. One way to verify domain ownership is to upload a uniquely named text file in a public directory on your server. The problem is that .well-known is a hidden folder and, just like .htaccess or .htpasswd files, it is also protected from being read from the outside.  

Well, after multiple tries, I found out a workaround for this. We need to add an exception in our nginx server config file.

In your domain .conf file (in conf.d directory for centminmod) insert one of the following blocks of code (depending on the certificate provider request):

location ^~ /.well-known/acme-challenge/ {
allow all;
default_type "text/plain";


location ^~ /.well-known/pki-validation/ {
allow all;
default_type "text/plain";

Now everything ending in .txt within acme-challenge or pki-validation folder can be read by public.

After SSL certificate installation is done, you can comment out the exception and leave it protected.

Rate this article: 

Average: 3.9 (10 votes)




Samples of work done for me or my customers, for free or not, like websites, repairs, photography etc.
View all my recent work



I'm giving away some knowledge in my areas of expertise. Did you like something here? Share it please!
View all tutorials



Useful Linux commands or other code snippets I often use.
View my useful shortcuts



Few bookmarks I find useful. Do you want website here? Give me a good reason and I can help you.
View my favourite web resources

About me

Hi there! My name is Marius Cârneală.

About me?

Loving husband, dad of one two three, drone pilot, web designer and administrator, SEO specialist, IT support guy, electronic hobbyist and content writer. This list is open.