Troubleshooting SSL certificates
Overview
If you run into difficulties configuring SSL certificates with Cloud 66, this guide may be able to help.
Non-secure HTTP endpoint required
Let's Encrypt needs a non-secure HTTP endpoint (i.e. <your-application-domain>/.well-known/acme-challenge/*) that it invokes to reissue certificates.
If your application is set to redirect from HTTP to HTTPS, you will need to deactivate this redirect.
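One way to confirm that the challenge path is answered over plain HTTP rather than redirected to HTTPS. This is an added example, not part of Cloud 66's documentation or tooling. The `classify` and `probe` helpers, the test token and the User-Agent string are assumptions made for illustration, and the path prefix is the one defined for HTTP-01 validation in RFC 8555.

```python
import http.client
import sys
from urllib.parse import urlsplit

# HTTP-01 challenge prefix from RFC 8555.
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def classify(status, location):
    """Classify the plain-HTTP response received for a challenge URL."""
    if 300 <= status < 400:
        # A redirect whose target is https:// means the endpoint is not
        # available over non-secure HTTP, which is the case described above.
        if urlsplit(location or "").scheme == "https":
            return "redirects-to-https"
        return "redirects-elsewhere"
    if status in (200, 404):
        # 404 is normal for a made-up token: the request was answered
        # over HTTP without being redirected.
        return "served-over-http"
    return "unexpected-status"


def probe(domain, token="connectivity-test", port=80, timeout=5):
    """GET http://<domain>/.well-known/acme-challenge/<token>.

    http.client never follows redirects, so the first response is what
    gets classified. The token is a hypothetical placeholder value.
    """
    conn = http.client.HTTPConnection(domain, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token,
                     headers={"User-Agent": "acme-path-check"})
        resp = conn.getresponse()
        return classify(resp.status, resp.getheader("Location"))
    finally:
        conn.close()


if __name__ == "__main__":
    # Usage: python check_acme_path.py <your-application-domain> [...]
    for domain in sys.argv[1:]:
        print(domain, probe(domain))
```

A result of `redirects-to-https` for your application domain means the HTTP to HTTPS redirect is still active on the challenge path.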
Trouble downloading challenge file
If, while configuring a standard (i.e. NOT wildcard) Let's Encrypt certificate, you see an error similar to this:
...you need to go through the following steps:
- Delete the SSL certificate (vital)
- If you use Cloudflare, ensure you have a Page Rule in place (see above)
- There could be some sections missing (or misconfigured) in your Nginx config, probably due to customization or the config file not being up to date. The following blocks take care of redirections. Ensure these sections of your own Nginx config match the examples below.