From 013310ded03de6b63885c62797395a116cbf4ce6 Mon Sep 17 00:00:00 2001
From: EDIflyer <ajr@alanjrobertson.co.uk>
Date: Sun, 13 Aug 2023 16:44:58 +0100
Subject: [PATCH] LetsEncrypt ACME redirect issue fixes #2881

---
 .../rootfs/etc/nginx/conf.d/include/force-ssl.conf  | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
index 15f0d285..93ad90f1 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/force-ssl.conf
@@ -1,3 +1,14 @@
+# Since force-ssl.conf has now moved to the server section it overrides
+# the LetsEncrypt config which is inside a location section
+# Set FORCE variable in first two if tests pass and action in the third
+set $FORCE "";
 if ($scheme = "http") {
-	return 301 https://$host$request_uri;
+        set $FORCE 'H';
 }
+if ($request_uri !~ "^\/.well-known\/acme-challenge\/(.*)") {
+        set $FORCE "${FORCE}D";
+}
+# If we are http and outside the LetsEncrypt directories redirect to https via 301
+if ($FORCE = HD) {
+        return 301 https://$host$request_uri;
+}
\ No newline at end of file