From 68fa0faf4c57ab361ebbfadbe8d79da926527472 Mon Sep 17 00:00:00 2001
From: Grant Slater <github@firefishy.com>
Date: Mon, 23 Feb 2026 00:44:39 +0000
Subject: [PATCH] nominatim: Support acme redirect on HTTPS

---
 cookbooks/nominatim/templates/default/nginx.erb | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/cookbooks/nominatim/templates/default/nginx.erb b/cookbooks/nominatim/templates/default/nginx.erb
index e5560b100..278f619b6 100644
--- a/cookbooks/nominatim/templates/default/nginx.erb
+++ b/cookbooks/nominatim/templates/default/nginx.erb
@@ -150,11 +150,12 @@ server {
         deny all;
     }
 
-     rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
+    # Redirect ACME certificate challenges
+    rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
 
-     location / {
-         return 301 https://$host$request_uri;
-     }
+    location / {
+        return 301 https://$host$request_uri;
+    }
 }
 
 server {
@@ -183,6 +184,9 @@ server {
         deny all;
     }
 
+    # Redirect ACME certificate challenges (Fastly redirects from HTTP to HTTPS, so we need to handle them here)
+    rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
+
     error_page 403 /403.html;
     error_page 418 /403.html;
     location /403.html {
-- 
2.39.5