Francis Daly
June 09, 2021 07:18PM
On Sat, Jun 05, 2021 at 06:32:42PM -0400, forumacct wrote:

Hi there,

> I did this:
> sudo certbot --nginx -d skywatcher.space -d www.skywatcher.space -d drgert.dyndns.ws
>
> And it asked if I want to append the multiple domains into the same
> certificate which I confirmed. It created one file
> /etc/letsencrypt/live/skywatcher.space/fullchain.pem
> which has 3 sections I assume representing the three domain names. (Why do
> www.domain.com and domain.com count as two?)

My guess is that any pattern that the client should attempt to match the
hostname they chose to use against, counts as "one". So two different
strings are two.

> Then a single file in sites-enabled worked for me.
>
> vi /etc/nginx/sites-enabled/rpi3_https_2dom.conf
> # Default server configuration
> server {
> listen 80 ;
> listen 8000; # Alternate http port
> root /media/usbstick/nginx/www;
>
> # Add index.php to the list if you are using PHP
> index index.php index.html index.htm;
> server_name drgert.dyndns.ws skywatcher.space www.skywatcher.space;
> # managed by Certbot
>
> location / {
> # First attempt to serve request as file, then
> # as directory, then fall back to displaying a 404.
> try_files $uri $uri/ =404;
> }
>
> # pass PHP scripts to FastCGI server
> location ~ \.php$ {
> include snippets/fastcgi-php.conf;
> fastcgi_pass unix:/run/php/php7.3-fpm.sock;
> }
>
> listen 443 ssl; # managed by Certbot
> ssl_certificate /etc/letsencrypt/live/skywatcher.space/fullchain.pem; # managed by Certbot
> ssl_certificate_key /etc/letsencrypt/live/skywatcher.space/privkey.pem; # managed by Certbot
> include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
> ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
> }
>
> For your experience/background is there anything in the above that is not
> yet OK?

It looks like it should work as-is.

I think that the try_files line in "location /" is probably unnecessary,
since it mostly reflects what the default is anyway.

And I think that the "# managed by Certbot" lines, once they are set up
once, probably never need to be changed if the tool is "just" renewing the
same cert in future -- all the next run of Certbot needs to do is replace the
ssl_certificate file contents, and cause nginx to read the new content.

(Maybe that is what it does anyway.)

Cheers,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
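
The following is an added example, not part of the original message or of certbot or nginx: a small check that every name in the `server_name` directive is covered by the names requested for the certificate, using the per-name matching that makes `skywatcher.space` and `www.skywatcher.space` count separately. The function names, the single-line `server_name` assumption, and the sample inputs (constructed from the configuration and certbot command quoted in the thread) are assumptions of this sketch.

```python
import re

# Constructed sample: the server_name line from the configuration quoted above.
CONF = """
server {
    listen 443 ssl;
    server_name drgert.dyndns.ws skywatcher.space www.skywatcher.space;
    # managed by Certbot
}
"""

# Constructed sample: the names passed with -d in the quoted certbot command.
SANS = ["skywatcher.space", "www.skywatcher.space", "drgert.dyndns.ws"]


def server_names(nginx_conf):
    """Collect literal names from single-line server_name directives."""
    names = []
    for line in nginx_conf.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comments
        m = re.match(r"\s*server_name\s+([^;]+);", line)
        if m:
            names.extend(m.group(1).split())
    return names


def san_matches(hostname, san):
    """Compare one hostname with one certificate name, label by label.

    Case-insensitive. A '*' is accepted only as the whole left-most label
    and stands for exactly one label; this sketch also refuses wildcards
    with fewer than three labels, as a conservative choice.
    """
    host = hostname.lower().rstrip(".").split(".")
    pat = san.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def uncovered(nginx_conf, sans):
    """Return the server_name entries that no certificate name matches."""
    return [n for n in server_names(nginx_conf)
            if not any(san_matches(n, s) for s in sans)]


if __name__ == "__main__":
    print("not covered by the certificate:", uncovered(CONF, SANS))
```
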
Serve same website under two URLs / domains with certbot
