In renewal/*.conf, there are [[webroot_map]] blocks for each certificate to renew.
During the renewal operation, there must be a mapping between:
- <directory>/.well-known/acme-challenge
- <webserver>/.well-known/acme-challenge
For example, docker.nasqueron.org = /var/letsencrypt-auto means:
- a file /var/letsencrypt-auto/.well-known/acme-challenge/foo
- must be readable at http://docker.nasqueron.org/.well-known/acme-challenge/foo
We suspect some of our vhosts have conflicting location blocks.
But as @Sandlayth and I manually fixed these issues to renew a certificate, all is fine right now when we run letsencrypt renew.
A script to read these renewal configuration files and ensure the mapping works is welcome.
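
One way such a check could look, as an added example (not Nasqueron's own script): it reads the [[webroot_map]] block, drops a random probe file under each webroot's .well-known/acme-challenge directory, and confirms the same bytes come back over HTTP. The function names, the probe file naming and the minimal line-based parser (used instead of certbot's own config loader) are assumptions made for this example.

```python
import secrets
import sys
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"

def parse_webroot_map(conf_text):
    """Return {domain: webroot} from the [[webroot_map]] block of a renewal conf."""
    mapping, inside = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):          # any section header opens or closes the block
            inside = line == "[[webroot_map]]"
        elif inside and "=" in line and not line.startswith("#"):
            domain, webroot = (part.strip() for part in line.split("=", 1))
            mapping[domain] = webroot
    return mapping

def http_fetch(url, timeout=10):
    """Default fetcher: HTTP GET, returns the body or None on connection/HTTP errors."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read()
    except OSError:
        return None

def check_mapping(domain, webroot, fetch=http_fetch):
    """Write a random probe under the webroot and read it back through the web server."""
    token = "probe-" + secrets.token_hex(8)     # constructed name, unlikely to collide
    body = secrets.token_hex(16).encode()       # random body defeats catch-all pages
    path = Path(webroot, CHALLENGE_DIR, token)
    try:
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(body)
        return fetch(f"http://{domain}/{CHALLENGE_DIR}/{token}") == body
    except OSError:                             # webroot missing or not writable
        return False
    finally:
        path.unlink(missing_ok=True)            # never leave probe files behind

def check_renewal_conf(conf_text, fetch=http_fetch):
    """Return {domain: True/False} for every entry of the webroot map."""
    return {d: check_mapping(d, w, fetch) for d, w in parse_webroot_map(conf_text).items()}

if __name__ == "__main__":
    for conf in sys.argv[1:]:                   # e.g. the files under renewal/*.conf
        for domain, ok in check_renewal_conf(Path(conf).read_text()).items():
            print(f"{conf}: {domain}: {'OK' if ok else 'BROKEN'}")
```

Run it as a user allowed to write to the webroots, passing the renewal configuration files as arguments; a BROKEN line points at a vhost whose location block does not serve the mapped directory.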