If you have ever tried installing an SSL certificate (either from the Let’s Encrypt ACME tool or another SSL certificate issuer) on a Linux machine with nginx, you probably encountered a 403 error related to the .well-known directory within your website root folder. One way to verify domain ownership is to upload a uniquely named text file to a public directory on your server. The problem is that .well-known is a hidden folder and, just like .htaccess or .htpasswd files, it is also protected from being read from the outside.
Well, after multiple tries, I found a workaround for this. We need to add an exception in our nginx server config file.
In your domain .conf file (in the conf.d directory for centminmod), insert one of the following blocks of code (depending on what the certificate provider requests):
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        default_type "text/plain";
    }
or
    location ^~ /.well-known/pki-validation/ {
        allow all;
        default_type "text/plain";
    }
Now everything ending in .txt within the acme-challenge or pki-validation folder can be read by the public.
After the SSL certificate installation is done, you can comment out the exception and leave the folder protected.
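To show why the exception works, here is a full server block with the exception next to a dotfile deny rule. This is an added example, not part of the original post: the `location ~ /\.` rule is an assumption about how the hidden-file protection is written, and `example.com` and the root path are placeholders.

```nginx
# Added example; server_name and root are placeholder values.
server {
    listen 80;
    server_name example.com;
    root /var/www/example.com/public;

    # Prefix location with the ^~ modifier: when this is the longest
    # matching prefix, nginx does not evaluate any regex locations,
    # so the dotfile rule below never sees challenge requests.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        default_type "text/plain";
        try_files $uri =404;   # serve only files that exist in the folder
    }

    # Assumed hardening rule: deny any path with a component that
    # starts with a dot (.htaccess, .htpasswd, .git, ...).
    # Without the block above, /.well-known/... matches here -> 403.
    location ~ /\. {
        deny all;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}
```

Run `nginx -t` to check the syntax before reloading. The exception opens only the one validation subfolder, so every other dot-prefixed path stays behind the deny rule.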