SSLs are failing to renew
- MySquash / UltraVulture due for renewal in <1 month
- Failing because Nginx is not allowing access to .well-known dir
- Need to debug syntax and rerun certbot-auto renew
Maybe related to SSL redirection. I think Let's Encrypt requests that file over HTTP.
Could HSTS interfere?
Update: One domain was failing due to an out-of-date Let's Encrypt config (pointing to an old install folder).
Got it going by disabling force HTTPS redirect, creating .well-known/acme-challenge and rerunning.
Should be able to delete .well-known and leave it to Let's Encrypt to create those.
Update 2:
/etc/letsencrypt/renewal/www.mysquash.pro.conf referred to old install directory (I bump directory when upgrading Laravel).
So .well-known would have been created in wrong path. Pointed to mysquash54, but cannot test yet as now there have been too many recent fails of the domain 🙁
I may have passed through the correct nginx config along the way and not known it.
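A check for the stale-path problem described in Update 2, as an added example that is not part of the original notes: it reads the `[[webroot_map]]` section of each certbot renewal config and reports entries whose directory no longer exists. The sample config, the `example.test` domains and the `app53`/`app54` paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag certbot renewal configs whose webroot no longer exists
# (for instance after the install directory was replaced during an upgrade).

# stale_webroots DIR -> prints "conf<TAB>domain<TAB>path" per missing webroot
stale_webroots() {
    conf_dir=$1
    tab=$(printf '\t')
    for conf in "$conf_dir"/*.conf; do
        [ -f "$conf" ] || continue
        # Emit "domain<TAB>path" for each entry in the [[webroot_map]] section
        awk '
            /^\[/ { in_map = ($0 ~ /^\[\[webroot_map\]\]/); next }
            in_map && /=/ {
                i = index($0, "=")
                d = substr($0, 1, i - 1); p = substr($0, i + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", d)
                gsub(/^[ \t]+|[ \t]+$/, "", p)
                print d "\t" p
            }' "$conf" |
        while IFS=$tab read -r domain path; do
            [ -d "$path" ] ||
                printf '%s\t%s\t%s\n' "$(basename "$conf")" "$domain" "$path"
        done
    done
}

# Constructed sample (not from the notes): one stale entry, one valid entry.
make_sample() {
    mkdir -p "$1/renewal" "$1/srv/app54/public"
    cat > "$1/renewal/www.example.test.conf" <<EOF
[renewalparams]
authenticator = webroot
[[webroot_map]]
www.example.test = $1/srv/app53/public
example.test = $1/srv/app54/public
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
stale_webroots "$tmp/renewal"   # on a real host: /etc/letsencrypt/renewal
rm -rf "$tmp"
```

After correcting a path, `certbot-auto renew --dry-run` exercises the renewal against the staging environment, whose rate limits are separate from production.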