The nginx server block for the subdomain proxies every request to the application:
server {
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Here the application denies access to the /.well-known/acme-challenge route, so Let's Encrypt cannot reach that route either and cannot issue a certificate for the subdomain.
Solution: first create a test file under the webroot:
sudo mkdir -p /var/www/letsencrypt/.well-known/acme-challenge
echo hi | sudo tee /var/www/letsencrypt/.well-known/acme-challenge/hi
Then add this location to the subdomain's nginx server block:
location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    # No rewrite: root plus the full request URI resolves to
    # /var/www/letsencrypt/.well-known/acme-challenge/<token>, where the test file was written.
    root /var/www/letsencrypt;
}
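
To confirm that nginx, not the proxied application, now answers the challenge path, the following added example (not part of the original note) writes a random probe file next to the test file above and fetches it over HTTP. The function name, return strings and command-line usage are assumptions made for this example; it assumes the webroot layout used above (files under <webroot>/.well-known/acme-challenge/).

```python
import secrets
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"


def check_acme_webroot(base_url: str, webroot: str, timeout: float = 5.0) -> str:
    """Write a random probe under <webroot>/.well-known/acme-challenge/ and
    fetch it over HTTP.

    Returns "ok", "mismatch", "http <code>" or "unreachable".
    """
    # Random name and body, so a stale or cached file cannot produce a false "ok".
    token = secrets.token_urlsafe(32)
    body = secrets.token_urlsafe(32)
    probe_dir = Path(webroot) / CHALLENGE_DIR
    probe_dir.mkdir(parents=True, exist_ok=True)
    probe = probe_dir / token
    probe.write_text(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
        # A 200 with different content means something other than the
        # static file (for example the application) answered the request.
        return "ok" if served == body else "mismatch"
    except urllib.error.HTTPError as exc:
        # 403/404 here usually means the request still reached the app,
        # or nginx is looking in a different directory than the webroot.
        return f"http {exc.code}"
    except (urllib.error.URLError, OSError):
        return "unreachable"
    finally:
        probe.unlink(missing_ok=True)  # never leave probe files behind


if __name__ == "__main__":
    import sys
    # Constructed usage: python3 check_acme.py http://sub.example.com /var/www/letsencrypt
    print(check_acme_webroot(sys.argv[1], sys.argv[2]))
```

Run it with sudo if the webroot is only writable by root; anything other than "ok" means the certificate request would fail the same way.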