Somehow we all missed that - of course you can't run `http2` on port 80 and
have it work since `http2` requires SSL.
With that configuration, you would have been able to get to the chat
subdomain only by going to `https:// chat.mydomain .com:80/` - notice that
it is https but is forced back to port 80. (I purposely added spaces to
prevent that from being a link in many mail clients.)

To answer the question about LetsEncrypt renewal, you need to leave nginx
running in order for it to work since it still relies on nginx to serve the
`.well-known` files that make the domain verification work. If you would
stop nginx, you would be unable to run the validation.

The one thing that you do need to do is make sure that LetsEncrypt knows to
reload nginx when a certificate changes so that nginx can see the new
certificate file.
If you are on a system that uses SystemD, this is what you need to do:

Create a shell script in `/etc/letsencrypt/renewal-hooks/deploy` with the
following contents:

#!/bin/bash
/bin/systemctl reload nginx.service

Make sure to set it as executable, and then Certbot will run it
automatically for every renewal.

Alternatively, you can go into each file in `/etc/letsencrypt/renewal/*`
and add the following line in the `[renewalparams]` section:

deploy_hook = /bin/systemctl reload nginx

Of course, that means you need to modify the renewal file for each domain
separately.

Moshe
--
Moshe Katz
-- kohenkatz@gmail.com
-- +1(301)867-3732


On Wed, May 16, 2018 at 1:42 AM Nginx-Chris <nginx-forum@forum.nginx.org>
wrote:

> Here is what makes everything work ok:
>
> In the cloud.conf (Seafile) I deleted the "http2" in the server part that
> listens on port 80 and redirects.
>
> It looks like this now:
>
> server {
>
> listen 80;
> listen [::]:80;
> server_name cloud.mydomain.com;
>
> rewrite ^ https://$http_host$request_uri? permanent; # force
> redirect
> http to https
>
> # Enables or disables emitting nginx version on error pages and in the
> "Server" response header field.
> server_tokens off;
>
> }
>
> Noe everything works fine.
>
> I am not sure what advantage / disadvantage http2 had, to be honest.
>
> Maybe the http2 part should only be inside the config part that configures
> the 443 access?
>
> Well, this did the trick at least.
>
> I am still interested in the config that you posted on gist though.
> It looks really tidy and well organised.
>
> So I would still like to know if I can leave Nginx running for letsencrypt
> bot to work ;-))
>
> Greetings, Chris
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,279794,279811#msg-279811
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx