Hi All,
I have 2 domains on 1 server. The first domain is kitucafe.com (main); the second domain is hakicooks.com.
I installed 2 separate certificates for these 2 domains.
The first domain works fine; the second domain has an invalid certificate error, as it uses the certificate of the first domain.
When I run certbot-auto certificates, here is the result:
Found the following certs:
Certificate Name: hakicooks.com
Domains: hakicooks.com www.hakicooks.com
Expiry Date: 2019-10-07 00:09:57+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/hakicooks.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/hakicooks.com/privkey.pem
Certificate Name: kitucafe.com
Domains: kitucafe.com www.kitucafe.com
Expiry Date: 2019-10-06 22:32:53+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/kitucafe.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/kitucafe.com/privkey.pem
The operating system my web server runs on is (include version): Centos 7
The version of my client is certbot-auto --version
Please help me.
Thank you
_az
July 9, 2019, 2:19am
2
What’s the output of this command?
grep -RiE "server_name|ssl_certificate" /etc/nginx
Thank you for your quick reply.
Here is the result:
/etc/nginx/nginx.conf: server_names_hash_bucket_size 128;
/etc/nginx/uwsgi_params:uwsgi_param SERVER_NAME $server_name;
/etc/nginx/fastcgi_params:fastcgi_param SERVER_NAME $server_name;
/etc/nginx/scgi_params:scgi_param SERVER_NAME $server_name;
/etc/nginx/conf.d/www.hakicooks.com.conf: server_name www.hakicooks.com ;
/etc/nginx/conf.d/www.hakicooks.com.conf: ssl_certificate /etc/letsencrypt/live/hakicooks.com/fullchain.pem;
/etc/nginx/conf.d/www.hakicooks.com.conf: ssl_certificate_key /etc/letsencrypt/live/hakicooks.com/privkey.pem;
/etc/nginx/conf.d/www.hakicooks.com.conf: server_name hakicooks.com www.hakicooks.com ;
/etc/nginx/conf.d/www.hakicooks.com.conf: server_name www.hakicooks.com ;
/etc/nginx/conf.d/www.hakicooks.com.conf: ssl_certificate /etc/letsencrypt/live/hakicooks.com/fullchain.pem;
/etc/nginx/conf.d/www.hakicooks.com.conf: ssl_certificate_key /etc/letsencrypt/live/hakicooks.com/privkey.pem;
/etc/nginx/conf.d/www.kitucafe.com.conf: server_name www.kitucafe.com kitucafe.com ;
/etc/nginx/conf.d/www.kitucafe.com.conf: server_name www.kitucafe.com ;
/etc/nginx/conf.d/www.kitucafe.com.conf: ssl_certificate /etc/letsencrypt/live/kitucafe.com/fullchain.pem;
/etc/nginx/conf.d/www.kitucafe.com.conf: ssl_certificate_key /etc/letsencrypt/live/kitucafe.com/privkey.pem;
/etc/nginx/conf.d/www.kitucafe.com.conf: server_name www.kitucafe.com ;
/etc/nginx/conf.d/www.kitucafe.com.conf: error_page 497 https://$server_name:$server_port$request_uri;
/etc/nginx/conf.d/www.kitucafe.com.conf: ssl_certificate /etc/letsencrypt/live/kitucafe.com/fullchain.pem;
/etc/nginx/conf.d/www.kitucafe.com.conf: ssl_certificate_key /etc/letsencrypt/live/kitucafe.com/privkey.pem;
_az
July 9, 2019, 2:29am
4
I believe that your problem is one of the instances of:
That line should say:
server_name www.hakicooks.com hakicooks.com;
so that it matches both versions of the domain.
The reason I suspect this is the solution is that https://www.hakicooks.com works, but https://hakicooks.com doesn't. (They both look like they don't work, but it's just because of a redirect).
But you need to fix it in the right place, inside the server with listen 443;.
Thank you very much. The issue with the invalid certificate is fixed now, but it has a new problem: "hakicooks.com redirected you too many times."
Can you please help?
Thank you
_az
July 9, 2019, 2:47am
6
Can you post the whole www.hakicooks.com.conf?
Should be a pretty simple matter of fixing up your redirect, but I need to see the file to see how you’ve set it up so far.
Here is the code
server {
listen 443 ssl;
server_name www.hakicooks.com hakicooks.com ;
# SSL
ssl_certificate /etc/letsencrypt/live/hakicooks.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hakicooks.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
rewrite ^(.*) https://hakicooks.com$1 permanent;
}
server {
listen 80;
server_name hakicooks.com www.hakicooks.com;
rewrite ^(.*) https://hakicooks.com$1 permanent;
}
server {
listen 443 ssl;
# access_log off;
access_log /home/www.hakicooks.com/logs/access.log;
# error_log off;
error_log /home/www.hakicooks.com/logs/error.log;
root /home/www.hakicooks.com/public_html;
index index.php index.html index.htm;
server_name www.hakicooks.com;
_az
July 9, 2019, 2:50am
8
It looks like some of the file got cut off at the end.
If you have trouble copying it, you can also try:
cat /etc/nginx/conf.d/www.hakicooks.com.conf | curl -F 'clbin=<-' https://clbin.com
Hi, sorry for the problem. Here is the full code:
server {
listen 443 ssl;
server_name www.hakicooks.com hakicooks.com;
# SSL
ssl_certificate /etc/letsencrypt/live/hakicooks.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hakicooks.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
rewrite ^(.*) https://hakicooks.com$1 permanent;
}
server {
listen 80;
server_name hakicooks.com www.hakicooks.com;
rewrite ^(.*) https://hakicooks.com$1 permanent;
}
server {
listen 443 ssl;
# access_log off;
access_log /home/www.hakicooks.com/logs/access.log;
# error_log off;
error_log /home/www.hakicooks.com/logs/error.log;
root /home/www.hakicooks.com/public_html;
index index.php index.html index.htm;
server_name www.hakicooks.com;
# SSL
ssl_certificate /etc/letsencrypt/live/hakicooks.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hakicooks.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
# Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
# DH parameters
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Enable HSTS
add_header Strict-Transport-Security "max-age=31536000" always;
# Custom configuration
include /home/www.hakicooks.com/public_html/*.conf;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 32k;
fastcgi_buffers 8 16k;
fastcgi_busy_buffers_size 32k;
fastcgi_temp_file_write_size 32k;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME /home/www.hakicooks.com/public_html$fastcgi_script_name;
}
# Disable .htaccess and other hidden files
location ~ /\.(?!well-known).* {
deny all;
access_log off;
log_not_found off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|eot|svg|ttf|woff)$ {
gzip_static off;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
expires 30d;
break;
}
location ~* \.(txt|js|css)$ {
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
expires 30d;
break;
}
}
_az
July 9, 2019, 2:58am
10
Alright.
So two fixes:
1. Remove the first server which does nothing but cause a redirect loop
2. Update server_name of the bottom server with both versions of the domain.
Here’s the full updated config file:
server {
listen 80;
server_name hakicooks.com www.hakicooks.com;
rewrite ^(.*) https://hakicooks.com$1 permanent;
}
server {
listen 443 ssl;
# access_log off;
access_log /home/www.hakicooks.com/logs/access.log;
# error_log off;
error_log /home/www.hakicooks.com/logs/error.log;
root /home/www.hakicooks.com/public_html;
index index.php index.html index.htm;
server_name hakicooks.com www.hakicooks.com;
# SSL
ssl_certificate /etc/letsencrypt/live/hakicooks.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hakicooks.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
# Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
# DH parameters
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Enable HSTS
add_header Strict-Transport-Security "max-age=31536000" always;
# Custom configuration
include /home/www.hakicooks.com/public_html/*.conf;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 32k;
fastcgi_buffers 8 16k;
fastcgi_busy_buffers_size 32k;
fastcgi_temp_file_write_size 32k;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME /home/www.hakicooks.com/public_html$fastcgi_script_name;
}
# Disable .htaccess and other hidden files
location ~ /\.(?!well-known).* {
deny all;
access_log off;
log_not_found off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|eot|svg|ttf|woff)$ {
gzip_static off;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
expires 30d;
break;
}
location ~* \.(txt|js|css)$ {
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
expires 30d;
break;
}
}
Edits: dumb forum formatting, I give up trying to get it to do the right thing.
1 Like
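The two faults diagnosed in this thread (a certificate name that no server_name on the 443 listener lists, and a 443 block that rewrites to a host it serves itself) can be checked offline. The following is an added example, not code from the thread's participants: the sample blocks are constructed reductions of the posted file, the function names are hypothetical, and only exact server_name entries and one listen per block are handled.

```python
import re

# Constructed samples: the thread's server blocks cut down to the directives that matter.
TO_HTTPS = "rewrite ^(.*) https://hakicooks.com$1 permanent;"
PORT_80 = "server { listen 80; server_name hakicooks.com www.hakicooks.com; " + TO_HTTPS + " }\n"
R443 = "server { listen 443 ssl; server_name %s; " + TO_HTTPS + " }\n"
SITE = "server { listen 443 ssl; server_name %s; location / { try_files $uri /index.php; } }\n"
CERT = ["hakicooks.com", "www.hakicooks.com"]  # names on the hakicooks.com certificate

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, honouring nested braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def parse(conf):
    """Return port, names and unconditional redirect target of each server block."""
    servers = []
    for body in server_blocks(re.sub(r"#.*", "", conf)):
        n = 1
        while n:  # drop nested blocks (location { ... }) so only server-level directives remain
            body, n = re.subn(r"\{[^{}]*\}", ";", body)
        port = re.search(r"\blisten\s+(?:\S+:)?(\d+)", body)
        names = re.search(r"\bserver_name\s+([^;]*);", body)
        redir = re.search(r"\b(?:rewrite\s+\S+|return\s+30\d)\s+(https?)://([^/$\s;:]+)", body)
        servers.append({
            "port": int(port.group(1)) if port else 80,
            "names": names.group(1).split() if names else [],
            "redirect": (443 if redir.group(1) == "https" else 80, redir.group(2)) if redir else None,
        })
    return servers

def lint(conf, cert_names, tls_port=443):
    """Flag cert names no TLS server block lists, and blocks that redirect to themselves."""
    servers = parse(conf)

    def handler(port, host):  # exact names only; None means nginx uses that port's default server
        return next((s for s in servers if s["port"] == port and host in s["names"]), None)

    unmatched = [n for n in cert_names if handler(tls_port, n) is None]
    loops = [s["names"] for s in servers if s["redirect"] and handler(*s["redirect"]) is s]
    return {"unmatched": unmatched, "loops": loops}

if __name__ == "__main__":
    print("original:", lint(R443 % "www.hakicooks.com" + PORT_80 + SITE % "www.hakicooks.com", CERT))
    print("first fix:", lint(R443 % "www.hakicooks.com hakicooks.com" + PORT_80 + SITE % "www.hakicooks.com", CERT))
    print("final:", lint(PORT_80 + SITE % "hakicooks.com www.hakicooks.com", CERT))
```

An "unmatched" name is answered by the default server for that port, which is how a visitor can be handed another site's certificate; a "loops" entry is a block whose redirect target resolves back to the same block.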
Thank you so much, you saved my life :)!
Last question for the day please.
I already have rewrite ^(.*) https://hakicooks.com, so why is my URL still https://www.hakicooks.com/?
Do I need to add any extra code?
Thank you in advance
_az
July 9, 2019, 3:06am
12
WordPress is performing the redirect from hakicooks.com to www.hakicooks.com, not nginx.
I think if you want to do the other way around, you will need to change it inside WordPress (after locating the right setting/plugin).
Thank you so much for your valuable information.
I hope you have a good week ahead.
Once again thank you.