Let’s Encrypt uses a GET request to your website to automatically renew your certificate. Let’s Encrypt may encounter some 403 unauthorized when trying to make this HTTP request because it is trying to connect to http://your-site.com/.well-known/acme-challenge/a-long-hash-here. How to authorize Let’s Encrypt to connect? Let’s find out if you got nginx set up as a reverse proxy!

You can add this piece of code in your nginx.conf:

server {

    # Allow Let's Encrypt
    location ~ ^/.well-known/acme-challenge {
        allow all;
  • ~ means it’s a regex
  • ^/.well-known/acme-challenge is the beginning of the URL used by Let’s Encrypt

Before, a 403 error:

After, a 404 (which is OK in our case):

If you’re using Plesk, this configuration is found under Apache & Nginx settings of your website:

Which leads to this pretty handy text editor: