From 059daa77aa4474307552ca69c3a839c1323c2370 Mon Sep 17 00:00:00 2001
From: Arpad Krejczinger
Date: Sat, 15 Nov 2025 22:30:01 +0100
Subject: [PATCH] Fix SSL certificate renewal for Let's Encrypt

Allow ACME challenge requests before HTTPS redirect:
- Add location block for /.well-known/acme-challenge/
- Prevent immediate redirect that was blocking Let's Encrypt verification
- Fixes 'Timeout during connect' errors during certbot renewal
---
 config/nginx/homelab.conf | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/config/nginx/homelab.conf b/config/nginx/homelab.conf
index ff2b064..b12f36e 100644
--- a/config/nginx/homelab.conf
+++ b/config/nginx/homelab.conf
@@ -4,9 +4,16 @@ server {
 listen 80 default_server;
 server_name ak-homelab.duckdns.org _;
-
- # Redirect HTTP to HTTPS
- return 301 https://$host$request_uri;
+
+ # Allow Let's Encrypt ACME challenges
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ # Redirect all other HTTP to HTTPS
+ location / {
+ return 301 https://$host$request_uri;
+ }
 }
 server {
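Review bot: The new `location /.well-known/acme-challenge/` block is the one path this catch-all `default_server` still answers over plain HTTP, and it is an ordinary prefix match with nothing limiting what it serves from under `/var/www/certbot`. I would write it as `location ^~ /.well-known/acme-challenge/ {` so a regex location added later cannot take the request first, and add `default_type "text/plain";` and `try_files $uri =404;` inside it so only existing token files are returned, as plain text. The diff does not show how certbot is invoked, so it is worth confirming that its webroot is the same `/var/www/certbot` and that the directory is writable only by the renewal user. Separately, the redirect kept in `location /` builds its target from `$host`, which on a server that accepts any Host header is client-supplied; if only one name is served here, `return 301 https://ak-homelab.duckdns.org$request_uri;` removes that dependency.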