Nginx
orbit070, 2019-06-10 16:52:12

What am I doing wrong in nginx + ssl setup?

Hello.
There is a server on which there are two sites - site1.com and site2.com, and for both, ssl certificates were obtained in an identical way (using letsencrypt).
Here is what is written in Nginx for the first site:

server {
        listen [::]:443 ssl ipv6only=on;
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        server_name site1.com;

        root /var/www/site1.com;

        index index.html;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ /\.ht {
               deny all;
        }

        if ($request_uri ~* "^(.*/)index\.html$") {
                return 301 $1;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        }
}

server {
  listen [::]:443 ssl;
  listen 443 ssl;
  server_name www.site1.com;
  return 301 https://site1.com$request_uri;
}

server {
  listen 80;
  listen [::]:80;
  server_name site1.com www.site1.com;
  return 301 https://site1.com$request_uri;
}

I would like any way of typing the site address to redirect to https://site1.com, and the above configuration fully works.
Now the second site, for which certificates were obtained in a similar way. Here is its configuration:
server {
  charset utf-8;

  listen [::]:443 ssl;
  listen 443 ssl;
  ssl_certificate /etc/letsencrypt/live/site2.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/site2.com/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  server_name site2.com;

  location = /favicon.ico { access_log off; log_not_found off; }

  location /static/ {
    root /home/user/site2.com;
  }

  location /media/ {
    root /home/user/site2.com;
  }

    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn_site2.sock;
    }
}

server {
  listen [::]:443 ssl; 
  listen 443 ssl;
  server_name www.site2.com;
  return 301 https://site2.com$request_uri;
}

server {
  listen 80;
  listen [::]:80;
  server_name site2.com www.site2.com;
  return 301 https://site2.com$request_uri;
}

That is, everything seems to be identical.
If I type site2.com in the address bar, the redirect works, everything is fine.
If I type www.site2.com in the address bar, the redirect works, everything is fine.
If I type https://site2.com, everything works.
But if I type https://www.site2.com, then browsers (I tried several and cleared cookies) report:
The connection is not secure.
Failed to verify that this is the www.site2.com server. Its security certificate is for site1.com.

What have I done wrong? They have different certificates and the paths to these certificates are different, so how did the site1 certificate interfere with the site2 certificate, and why does this happen for https://www.site2.com while in the other cases everything is in order? I will be grateful for any help.


1 answer(s)
Lynn "Coffee Man", 2019-06-10
@orbit070

In the block with a redirect, you must also specify a certificate.

server {
  listen [::]:443 ssl; 
  listen 443 ssl;
  server_name www.site2.com;
  ssl_certificate /etc/letsencrypt/live/site2.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/site2.com/privkey.pem;
  return 301 https://site2.com$request_uri;
}
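
A way to catch this before a browser does, as an added example that is not part of the original answer: a small Python check that reports every `server` block that listens with `ssl` but sets no `ssl_certificate` of its own. The function names are hypothetical, the sample is constructed from the site2.com blocks in the question, and it assumes certificates are set per `server` block as on this page (not inherited from the `http` level or pulled in through `include`).

```python
import re

# Constructed sample: the site2.com server blocks from the question, trimmed.
SAMPLE = """
server {
  listen 443 ssl;
  server_name site2.com;
  ssl_certificate /etc/letsencrypt/live/site2.com/fullchain.pem;
  location / { proxy_pass http://unix:/run/gunicorn_site2.sock; }
}
server {
  listen [::]:443 ssl;
  server_name www.site2.com;
  return 301 https://site2.com$request_uri;
}
server {
  listen 80;
  server_name site2.com www.site2.com;
  return 301 https://site2.com$request_uri;
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, matching nested braces."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body, name):
    """Argument strings of `name ...;` directives at the block's top level."""
    top, depth = [], 0
    for ch in body:  # blank out nested location/if blocks
        depth += ch == "{"
        top.append(ch if depth == 0 else " ")
        depth -= ch == "}"
    return re.findall(rf"(?:^|[;\s]){name}\s+([^;]+);", "".join(top))

def tls_blocks_without_cert(conf):
    """server_name of each block that listens with `ssl` but has no ssl_certificate."""
    flagged = []
    for body in server_blocks(conf):
        tls = any("ssl" in args.split() for args in directives(body, "listen"))
        if tls and not directives(body, "ssl_certificate"):
            flagged += directives(body, "server_name") or ["(unnamed)"]
    return flagged

print(tls_blocks_without_cert(SAMPLE))
```

On the sample it flags only the www.site2.com redirect block; once that block carries the certificate lines from the answer, the list is empty.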
