Serve same website under two URLs / domains with certbot

forumacct nginx-forum at forum.nginx.org
Sat Jun 5 22:32:42 UTC 2021


Hello,

Thank you for the extended help. I see there will be a lot of reading to
understand all the features in nginx.

Francis Daly Wrote:
-------------------------------------------------------
> On Sat, Jun 05, 2021 at 04:28:06AM -0400, forumacct wrote:
> 
> Hi there,
...

> If you have two server_names that are used, and that will *always*
> serve
> the same content as each other (and you are happy that someone who
> uses
> one name will be able to see that the other name exists), then you can
> get one certificate that is valid for both names, and configure nginx
> to
> use that for all requests that are handled in this server{}. (The
> other
> reply indicates that certbot does support this two-name certificate.)
...

That was something I also had just discovered. And that route seems to have
worked for me.

I did this:
sudo certbot --nginx -d skywatcher.space -d www.skywatcher.space -d
drgert.dyndns.ws 

And it asked if I want to append the multiple domains into the same
certificate which I confirmed. It created one file
/etc/letsencrypt/live/skywatcher.space/fullchain.pem
which has 3 sections I assume representing the three domain names. (Why do
www.domain.com and domain.com count as two?)

Then a single file in sites-enabled worked for me.

vi /etc/nginx/sites-enabled/rpi3_https_2dom.conf 
# Default server configuration
server {
	listen 80 ;
        listen 8000; # Alternate http port
        root /media/usbstick/nginx/www;

	# Add index.php to the list if you are using PHP
	index index.php index.html index.htm;
        server_name drgert.dyndns.ws skywatcher.space www.skywatcher.space;
# managed by Certbot

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}

	# pass PHP scripts to FastCGI server
	location ~ \.php$ {
		include snippets/fastcgi-php.conf;
		fastcgi_pass unix:/run/php/php7.3-fpm.sock;
	}

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/skywatcher.space/fullchain.pem; #
managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/skywatcher.space/privkey.pem;
# managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

For your experience/background is there anything in the above that is not
yet OK?

Cheers,
Gert

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291774,291781#msg-291781



More information about the nginx mailing list