Securing Web2py with Let’s Encrypt / Certbot

In case anybody is wondering the same thing about using certbot/Let’s Encrypt with web2py: how do you serve the .well-known folder for certification when all requests go to the WSGI handler?

1. Use `--standalone`, as David advised. But you have to stop the web server every time you renew.

2. Instead, you can use the standard `--webroot` method. Here, you need to edit your vhost file, be it Apache or nginx, and add a location block:

Using nginx for example:

```nginx
location /.well-known {
    root /home/www-data/web2py;
}
```

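This way, nginx will serve the .well-known folder itself and skip passing those requests on to uwsgi/web2py. Make sure you restart nginx after making this server conf change, then use `certonly` to obtain the certificate and `renew` to renew it:

```sh
sudo certbot certonly --webroot -w /home/www-data/web2py -d example.com -d www.example.com  # first issuance
sudo certbot renew  # renewals reuse the webroot settings saved at issuance
```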
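A pre-flight check for the location block above, as an added example that is not part of the original post: it writes a random probe file where certbot's `--webroot` plugin places its challenge files and confirms nginx returns it unchanged instead of handing the request to web2py. The function name `probe_webroot` and the script name `probe_webroot.py` are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Check that <webroot>/.well-known/acme-challenge/ is served as static files.

Usage (run as a user that can write to the webroot):
    python3 probe_webroot.py /home/www-data/web2py http://example.com
"""
import secrets
import sys
import urllib.request
from pathlib import Path


def probe_webroot(webroot, base_url, timeout=10):
    """Return True if a probe file written under the webroot comes back
    byte-for-byte over HTTP from base_url, False otherwise."""
    challenge_dir = Path(webroot) / ".well-known" / "acme-challenge"
    challenge_dir.mkdir(parents=True, exist_ok=True)

    # Random name and content, so a catch-all page from the WSGI app
    # can never be mistaken for the probe file.
    name = "probe-" + secrets.token_urlsafe(16)
    content = secrets.token_urlsafe(32).encode()
    probe = challenge_dir / name
    probe.write_bytes(content)

    url = base_url.rstrip("/") + "/.well-known/acme-challenge/" + name
    # Ignore proxy environment variables so the request goes to the server itself.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status == 200 and resp.read() == content
    except OSError:
        # URLError and HTTPError (404, 500, refused connection) are OSError subclasses.
        return False
    finally:
        # Always remove the probe so nothing is left behind in the webroot.
        probe.unlink(missing_ok=True)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(__doc__)
    ok = probe_webroot(sys.argv[1], sys.argv[2])
    print("OK: probe served from webroot" if ok
          else "FAIL: probe not served; check the location block and restart nginx")
    sys.exit(0 if ok else 1)
```

A failure here means the request is still reaching uwsgi/web2py or the `root` path does not match the `-w` path given to certbot.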