From 14d656bfbd5bdb61377f76c5cef4f2f081d050d1 Mon Sep 17 00:00:00 2001
From: Peter Kessen <p.kessen@elsotec.eu>
Date: Fri, 18 Jul 2025 14:19:15 +0200
Subject: [PATCH 1/2] Add directive to avoid https redirect for acme challenge

Adresses issue #4661
---
 docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
index aa52f335d..76422d9db 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
@@ -5,6 +5,9 @@ if ($scheme = "http") {
 if ($request_uri = /.well-known/acme-challenge/test-challenge) {
 	set $test "${test}T";
 }
+if ($request_uri ~* ^/.well-known/acme-challenge/) {
+        set $test "${test}C";
+}
 if ($test = H) {
 	return 301 https://$host$request_uri;
 }

From e128fd5307b553b11ba2cdf7b7d7e971e9fcb54e Mon Sep 17 00:00:00 2001
From: Peter Kessen <p.kessen@elsotec.eu>
Date: Fri, 18 Jul 2025 14:22:48 +0200
Subject: [PATCH 2/2] Add comment

---
 docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
index 76422d9db..20d70d3b9 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
@@ -5,6 +5,7 @@ if ($scheme = "http") {
 if ($request_uri = /.well-known/acme-challenge/test-challenge) {
 	set $test "${test}T";
 }
+# Following ensures that all request to an acme-challenge are not redircted to https
 if ($request_uri ~* ^/.well-known/acme-challenge/) {
         set $test "${test}C";
 }