Redirects/SEO Redirects nginx and Let's Encrypt
Redirects and SEO redirects happen directly in the server {} block and not inside a location {} block. Thus they get executed unconditionally on every request. Requests to /.well-known/acme-challenge need to be excluded so that the current server can handle the Let's Encrypt verification requests. Let's Encrypt follows the redirects, so they mostly work, but if the redirection target is not on the same server they will fail. Also, the ISPConfig pre-issue check (skip_le_check = n) will not follow redirects and thus will exclude the domains from the certificate issue request.
Some redirects already guard against this with a negative lookahead condition ((?!/\.well-known/acme-challenge)). These need to be added to all possible rewrite statements.
The rewrite statements that do use negative lookaheads assume that a lookahead/lookbehind ((?!...)) will create a new matching group ($1, $2, etc.), but this is not the case. So they use $2 where they actually should use $1.
environment
Server OS: ubuntu
Server OS version: xenial
ISPConfig version: 3.2
nginx: 1.19.4
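The two points in the report above (the lookahead guard exempts ACME challenge requests, and a lookahead does not add a numbered group) can be checked with this added example, which is not ISPConfig's template code. The patterns, the www.example.com target and the helper names are constructed for illustration, and Python's re module stands in for PCRE, which numbers groups the same way here.

```python
import re

# Constructed patterns in the style the report describes (not the real templates).
GUARD = r"(?!/\.well-known/acme-challenge)"
GUARDED = "^" + GUARD + "/(.*)$"      # redirect everything except ACME challenges
UNGUARDED = "^/(.*)$"                 # redirect everything, challenges included

TARGET_FIXED = "https://www.example.com/$1"   # correct: the only capture is $1
TARGET_BUGGY = "https://www.example.com/$2"   # assumes the lookahead took $1


def capture_count(pattern):
    """Number of numbered capture groups; lookaheads are not counted."""
    return re.compile(pattern).groups


def expand(template, match):
    """Expand $N references in a replacement string.

    Assumption of this sketch: a reference to a group that does not exist
    (or did not participate) expands to the empty string.
    """
    def repl(ref):
        n = int(ref.group(1))
        if n <= match.re.groups:
            return match.group(n) or ""
        return ""
    return re.sub(r"\$(\d)", repl, template)


def rewrite(uri, pattern, replacement):
    """Return the redirect target, or None when the request is not redirected."""
    m = re.search(pattern, uri)
    return expand(replacement, m) if m else None


if __name__ == "__main__":
    # Constructed request paths.
    for uri in ("/shop/item", "/.well-known/acme-challenge/token123"):
        for name, pat, tgt in (("unguarded", UNGUARDED, TARGET_FIXED),
                               ("guarded+$2", GUARDED, TARGET_BUGGY),
                               ("guarded+$1", GUARDED, TARGET_FIXED)):
            print(f"{uri:40} {name:11} -> {rewrite(uri, pat, tgt)}")
```

A result of None means the request is left for the local server to answer, which is what the Let's Encrypt verification request needs.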