Fix nginx handling of acme challenges.

roles/nginx/tasks/main.yml

@@ -2,42 +2,33 @@
 
 - name: Enable backports
   apt_repository: repo='deb http://httpredir.debian.org/debian jessie-backports main' state=present
-  tags: nginx
 
 - name: Install nginx
-  apt: name=nginx default_release=jessie-backports state=present
-  tags: nginx
+  apt: name=nginx default_release=jessie-backports state=latest
 
 - name: Create certificate directory
   file: path=/etc/nginx/ssl state=directory mode=0750
-  tags: nginx
 
 - name: Ensure certificates are available
   command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ ansible_fqdn }}.key -out /etc/nginx/ssl/{{ ansible_fqdn }}.crt -days 730 -subj "/CN={{ ansible_fqdn }}" creates=/etc/nginx/ssl/{{ ansible_fqdn }}.crt
   notify: Restart nginx
-  tags: nginx
 
 - name: Ensure correct certificate permissions
   file: path=/etc/nginx/ssl/{{ ansible_fqdn }}.key owner=root mode=0400
   notify: Restart nginx
-  tags: nginx
 
 - name: Create DH parameters
   command: openssl dhparam -outform PEM -out {{ item }} 2048 creates={{ item }}
   with_items:
   - /etc/nginx/dhparam.pem
-  tags: nginx
 
-- name: Configure nginx default vhost
+- name: Configure default vhost
   copy: src=nginx.conf dest=/etc/nginx/nginx.conf
   notify: Restart nginx
-  tags: nginx
 
-- name: Configure nginx default vhost
+- name: Enable default vhost
   template: src=default.j2 dest=/etc/nginx/sites-available/default
   notify: Restart nginx
-  tags: nginx
 
 - name: Start nginx
   service: name=nginx state=started enabled=yes
-  tags: nginx

roles/nginx/templates/default.j2

@@ -5,9 +5,9 @@ server {
 	server_name _;
 	server_name_in_redirect on;
 
-	location '/.well-known/acme-challenge' {
+	location /.well-known/acme-challenge/ {
 		default_type "text/plain";
-		root /tmp/letsencrypt-auto;
+		root /var/www/acme-challenge/;
 	}
 
 	location / {