Hello,
Thank you for the extended help. I see there will be a lot of reading to understand all the features in nginx.
Francis Daly Wrote:
-------------------------------------------------------
> On Sat, Jun 05, 2021 at 04:28:06AM -0400, forumacct wrote:
>
> Hi there,
...
> If you have two server_names that are used, and that will *always*
> serve
> the same content as each other (and you are happy that someone who
> uses
> one name will be able to see that the other name exists), then you can
> get one certificate that is valid for both names, and configure nginx
> to
> use that for all requests that are handled in this server{}. (The
> other
> reply indicates that certbot does support this two-name certificate.)
...
That was something I also had just discovered. And that route seems to have worked for me.
I did this:
sudo certbot --nginx -d skywatcher.space -d www.skywatcher.space -d drgert.dyndns.ws
And it asked if I want to append the multiple domains into the same certificate which I confirmed. It created one file
/etc/letsencrypt/live/skywatcher.space/fullchain.pem
which has 3 sections I assume representing the three domain names. (Why do www.domain.com and domain.com count as two?)
Then a single file in sites-enabled worked for me.
vi /etc/nginx/sites-enabled/rpi3_https_2dom.conf
# Default server configuration
server {
listen 80 ;
listen 8000; # Alternate http port
root /media/usbstick/nginx/www;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name drgert.dyndns.ws skywatcher.space www.skywatcher.space; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/skywatcher.space/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/skywatcher.space/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
For your experience/background is there anything in the above that is not yet OK?
Cheers,
Gert