function letsencrypt_provision_nginx_vhost_config in Aegir HTTPS 7.3
Implements hook_provision_nginx_vhost_config().
Allow access to letsencrypt.org ACME challenges directory.
This is already defined in the server configuration for HTTP, before certificates are generated, but we still need it for the HTTPS vhost to permit renewals.
See also
https://github.com/lukas2511/dehydrated/blob/master/docs/wellknown.md
File
- submodules/
letsencrypt/ drush/ letsencrypt.drush.inc, line 144 - A Let's Encrypt implementation of the Certificate service for Provision.
Code
function letsencrypt_provision_nginx_vhost_config($uri, $data) {
if (d()->type != 'site') {
return '';
}
$server = d()->platform->web_server;
if ($server->Certificate_service_type == 'LetsEncrypt' && ($challenge_path = $server->letsencrypt_challenge_path)) {
drush_log(dt("Injecting Let's Encrypt 'well-known' ACME challenge directory ':path' into Nginx vhost entry.", array(
':path' => $challenge_path,
)));
$lines = array();
$lines[] = " # Allow access to letsencrypt.org ACME challenges directory.";
$lines[] = " location ^~ /.well-known/acme-challenge {";
$lines[] = " alias {$challenge_path};";
$lines[] = " try_files \$uri 404;";
$lines[] = " }";
$lines[] = "\n";
return implode("\n", $lines);
}
}