Can't update Let's encrypt Certificate

General Questions
#1

This may be a problem of basic knowledge, but please let me know.

I installed Mattermost as below.
Mattermost source is “/opt/mattermost”.
Mattermost domain is “mattermost.mydomain.com(e.g.)”.

I can’t update the certificate of Let’s Encrypt because I can not access the token file contained in the “.well-known” directory in “mattermost.mydomain” (not /opt/mattermost). The token file itself certainly exists in “.well-known/acme-challenge/” directory.

Is this cause redirected to /opt/mattermost?
I tried to create a symbolic link for “mattermost.mydomain/.well-known” directory in “/opt/mattermost”. But I can’t do this. I had something similar in other software, so I added the following syntax to nginx.conf.

# ACME challenge
location ^~ /.well-known {
	allow all;
	default_type "text/plain";
	try_files $uri =404;
}
location ^~ /.well-known/acme-challenge/ {
	allow all;
}

But this method could not be done either.
Please tell me how to make Let’s Encrypt system accessible under the mattermost.mydomain/.well-known directory.

Thanks for advice,

#2

Hi @Babbles,

The Let’s Encrypt file can be updated in the config.json: "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache" (https://docs.mattermost.com/administration/config-settings.html#let-s-encrypt-certificate-cache-file).

Does this help?

#3

Excuse me, I set Let’s Encrypt to be DISABLE in the setting of Mattermost(config.json). I do not use Mattermost’s Let’s Encrypt.
I must somehow let Let’s Encrypt access the token file of .well-known/acme-challenge.

I tried specifying the .well-known folder in the LetsEncryptCertificateCacheFile entry in config.json, but it seems Let’s Encrypt can not access the token file as well.

#4

Hi @Babbles,

I did some research and found some resources on the Plesk and Let’s Encrypt websites, please take a look if these help:

#5

As a result, Mattermost was irrelevant this time.

“Temporarily disable 301 redirect”
This seems to be a point. Thank you very much.