function letsencrypt_provision_nginx_vhost_config in Aegir HTTPS 7.3

Implements hook_provision_nginx_vhost_config().

Allow access to letsencrypt.org ACME challenges directory.

This is already defined in the server configuration for HTTP, before certificates are generated, but we still need it for the HTTPS vhost to permit renewals.

See also

https://github.com/lukas2511/dehydrated/blob/master/docs/wellknown.md

File

submodules/letsencrypt/drush/letsencrypt.drush.inc, line 144
A Let's Encrypt implementation of the Certificate service for Provision.

Code

function letsencrypt_provision_nginx_vhost_config($uri, $data) {
  // Only site contexts get a vhost entry.
  if (d()->type != 'site') {
    return '';
  }
  $server = d()->platform->web_server;
  // Inject the location only when Let's Encrypt is the certificate service
  // and a challenge path is configured on the web server.
  if ($server->Certificate_service_type == 'LetsEncrypt' && ($challenge_path = $server->letsencrypt_challenge_path)) {
    drush_log(dt("Injecting Let's Encrypt 'well-known' ACME challenge directory ':path' into Nginx vhost entry.", array(
      ':path' => $challenge_path,
    )));
    $lines = array();
    $lines[] = "  # Allow access to letsencrypt.org ACME challenges directory.";
    $lines[] = "  location ^~ /.well-known/acme-challenge {";
    $lines[] = "    alias {$challenge_path};";
    // '=404' returns the status code; nginx treats a bare '404' as a fallback URI.
    $lines[] = "    try_files \$uri =404;";
    $lines[] = "  }";
    $lines[] = "\n";
    return implode("\n", $lines);
  }
}
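
Added example (not code from the Aegir HTTPS project): a small audit of an HTTPS vhost's text for the challenge location that this hook injects, since renewals depend on it being present there. The sample vhosts and the `/srv/example/acme-challenge` path are constructed, `audit_vhost` and its finding codes are hypothetical names, and the checks go beyond the hook's own output by also covering the prefix modifier, trailing-slash agreement between `location` and `alias`, and the form of the `try_files` fallback.

```python
import re

LOCATION_RE = re.compile(r"location\s+(?:(\S+)\s+)?(/\.well-known/acme-challenge/?)\s*\{([^}]*)\}")

def directive(body, name):
    """Return the arguments of the first `name ...;` directive in body, or None."""
    m = re.search(r"^\s*" + re.escape(name) + r"\s+([^;]+);", body, re.M)
    return m.group(1).split() if m else None

def audit_vhost(conf, expected_alias):
    """Return sorted finding codes for the text of one HTTPS vhost."""
    m = LOCATION_RE.search(conf)
    if not m:
        return ["missing-location"]  # HTTP-01 renewals cannot be answered here
    modifier, prefix, body = m.groups()
    findings = []
    if modifier != "^~":
        findings.append("no-prefix-modifier")  # a regex location could match first
    alias = directive(body, "alias")
    if alias is None:
        findings.append("missing-alias")
    else:
        if alias[0].rstrip("/") != expected_alias.rstrip("/"):
            findings.append("alias-mismatch")
        if alias[0].endswith("/") != prefix.endswith("/"):
            findings.append("slash-mismatch")  # prefix and alias should end alike
    try_files = directive(body, "try_files")
    # nginx treats the last try_files argument as a URI unless it is =code or @name.
    if try_files and not re.match(r"^(=\d{3}|@\w+|/.*)$", try_files[-1]):
        findings.append("try-files-fallback")
    return sorted(findings)

# Constructed sample vhosts; the challenge path is a hypothetical placeholder.
EXPECTED = "/srv/example/acme-challenge"
GOOD_VHOST = """server {
  listen 443 ssl;
  location ^~ /.well-known/acme-challenge {
    alias /srv/example/acme-challenge;
    try_files $uri =404;
  }
}"""
BAD_VHOST = """server {
  listen 443 ssl;
  location /.well-known/acme-challenge {
    alias /srv/other/acme-challenge/;
    try_files $uri 404;
  }
}"""
NO_CHALLENGE_VHOST = "server {\n  listen 443 ssl;\n}"
```

Calling `audit_vhost(conf, EXPECTED)` on each generated HTTPS vhost file after a Provision verify returns an empty list when the challenge location is in place and well-formed.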