2 domains on 1 server, second domain has ERROR with invalid certificate

Hi All,
I have 2 domains on 1 server. First domain: kitucafe.com (main); second domain: hakicooks.com.
I installed 2 separate certificates for these 2 domains.
The first domain works fine; the second domain has an invalid certificate error, as it used the certificate of the first domain.
When I run certbot-auto certificates, here is the result:
Found the following certs:
Certificate Name: hakicooks.com
Domains: hakicooks.com www.hakicooks.com
Expiry Date: 2019-10-07 00:09:57+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/hakicooks.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/hakicooks.com/privkey.pem
Certificate Name: kitucafe.com
Domains: kitucafe.com www.kitucafe.com
Expiry Date: 2019-10-06 22:32:53+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/kitucafe.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/kitucafe.com/privkey.pem

The operating system my web server runs on is (include version): Centos 7
The version of my client is certbot-auto --version

Please help me.
Thank you

What’s the output of this command?

grep -RiE "server_name|ssl_certificate" /etc/nginx

Thank you for your quick reply.
Here is the result:
/etc/nginx/nginx.conf: server_names_hash_bucket_size 128;
/etc/nginx/uwsgi_params:uwsgi_param SERVER_NAME $server_name;
/etc/nginx/fastcgi_params:fastcgi_param SERVER_NAME $server_name;
/etc/nginx/scgi_params:scgi_param SERVER_NAME $server_name;
/etc/nginx/conf.d/www.hakicooks.com.conf: server_name www.hakicooks.com;
/etc/nginx/conf.d/www.hakicooks.com.conf: ssl_certificate /etc/letsencrypt/live/hakicooks.com/fullchain.pem;
/etc/nginx/conf.d/www.hakicooks.com.conf: ssl_certificate_key /etc/letsencrypt/live/hakicooks.com/privkey.pem;
/etc/nginx/conf.d/www.hakicooks.com.conf: server_name hakicooks.com www.hakicooks.com;
/etc/nginx/conf.d/www.hakicooks.com.conf: server_name www.hakicooks.com;
/etc/nginx/conf.d/www.hakicooks.com.conf: ssl_certificate /etc/letsencrypt/live/hakicooks.com/fullchain.pem;
/etc/nginx/conf.d/www.hakicooks.com.conf: ssl_certificate_key /etc/letsencrypt/live/hakicooks.com/privkey.pem;
/etc/nginx/conf.d/www.kitucafe.com.conf: server_name www.kitucafe.com kitucafe.com;
/etc/nginx/conf.d/www.kitucafe.com.conf: server_name www.kitucafe.com;
/etc/nginx/conf.d/www.kitucafe.com.conf: ssl_certificate /etc/letsencrypt/live/kitucafe.com/fullchain.pem;
/etc/nginx/conf.d/www.kitucafe.com.conf: ssl_certificate_key /etc/letsencrypt/live/kitucafe.com/privkey.pem;
/etc/nginx/conf.d/www.kitucafe.com.conf: server_name www.kitucafe.com;
/etc/nginx/conf.d/www.kitucafe.com.conf: error_page 497 https://$server_name:$server_port$request_uri;
/etc/nginx/conf.d/www.kitucafe.com.conf: ssl_certificate /etc/letsencrypt/live/kitucafe.com/fullchain.pem;
/etc/nginx/conf.d/www.kitucafe.com.conf: ssl_certificate_key /etc/letsencrypt/live/kitucafe.com/privkey.pem;

I believe that your problem is one of the instances of:

That line should say:

server_name www.hakicooks.com hakicooks.com;

so that it matches both versions of the domain.

The reason I suspect this is the solution is that https://www.hakicooks.com works, but https://hakicooks.com doesn't. (They both look like they don't work, but it's just because of a redirect).

But you need to fix it in the right place, inside the server with listen 443;.

Thank you very much. The issue with the invalid certificate is fixed now, but it has a new problem: "hakicooks.com redirected you too many times."
Can you please help?
Thank you

Can you post the whole www.hakicooks.com.conf?

Should be a pretty simple matter of fixing up your redirect, but I need to see the file to see how you’ve set it up so far.

Here is the code
server {
listen 443 ssl;
server_name www.hakicooks.com hakicooks.com;

# SSL
ssl_certificate /etc/letsencrypt/live/hakicooks.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hakicooks.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
ssl_prefer_server_ciphers on; 
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

rewrite ^(.*) https://hakicooks.com$1 permanent;

}

server {
listen 80;

server_name hakicooks.com www.hakicooks.com;	
rewrite ^(.*) https://hakicooks.com$1 permanent;	

}

server {
listen 443 ssl;

	# access_log off;	
access_log /home/www.hakicooks.com/logs/access.log;	
	# error_log off;	
	error_log /home/www.hakicooks.com/logs/error.log;	
	
	root /home/www.hakicooks.com/public_html;	
index index.php index.html index.htm;	
	server_name www.hakicooks.com;

It looks like some of the file got cut off at the end.

If you have trouble copying it, you can also try:

cat /etc/nginx/conf.d/www.hakicooks.com.conf | curl -F 'clbin=<-' https://clbin.com

Hi, sorry for the problem. Here is the full code:

server {
	listen 443 ssl;
	server_name www.hakicooks.com hakicooks.com;

	# SSL
	ssl_certificate /etc/letsencrypt/live/hakicooks.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/hakicooks.com/privkey.pem;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
	ssl_prefer_server_ciphers on; 
	ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

	rewrite ^(.*) https://hakicooks.com$1 permanent;
}

server {		
	listen 80;	
		
	server_name hakicooks.com www.hakicooks.com;	
	rewrite ^(.*) https://hakicooks.com$1 permanent;	
}		
		
server {		
	listen 443 ssl;	
		
    	# access_log off;	
	access_log /home/www.hakicooks.com/logs/access.log;	
    	# error_log off;	
    	error_log /home/www.hakicooks.com/logs/error.log;	
		
    	root /home/www.hakicooks.com/public_html;	
	index index.php index.html index.htm;	
    	server_name www.hakicooks.com;	
		# SSL
	ssl_certificate /etc/letsencrypt/live/hakicooks.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/hakicooks.com/privkey.pem;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
	ssl_prefer_server_ciphers on; 
	ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

        # Improve HTTPS performance with session resumption
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 1d;

        # DH parameters
        ssl_dhparam /etc/nginx/ssl/dhparam.pem;
        # Enable HSTS
        add_header Strict-Transport-Security "max-age=31536000" always;
		
	# Custom configuration	
	include /home/www.hakicooks.com/public_html/*.conf;	
 		
    	location / {	
		try_files $uri $uri/ /index.php?$args;
	}	
 		
    	location ~ \.php$ {	
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
        	include /etc/nginx/fastcgi_params;	
        	fastcgi_pass 127.0.0.1:9000;	
        	fastcgi_index index.php;	
		fastcgi_connect_timeout 300;
		fastcgi_send_timeout 300;
		fastcgi_read_timeout 300;
		fastcgi_buffer_size 32k;
		fastcgi_buffers 8 16k;
		fastcgi_busy_buffers_size 32k;
		fastcgi_temp_file_write_size 32k;
		fastcgi_intercept_errors on;
        	fastcgi_param SCRIPT_FILENAME /home/www.hakicooks.com/public_html$fastcgi_script_name;	
    	}	
		
	# Disable .htaccess and other hidden files	
	location ~ /\.(?!well-known).* {	
		deny all;
		access_log off;
		log_not_found off;
	}	
		
	location = /favicon.ico {	
		log_not_found off;
		access_log off;
	}	
		
	location = /robots.txt {	
		allow all;
		log_not_found off;
		access_log off;
	}	
		
	location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|eot|svg|ttf|woff)$ {	
		gzip_static off;
		add_header Pragma public;
		add_header Cache-Control "public, must-revalidate, proxy-revalidate";
		access_log off;
		expires 30d;
		break;
        }		
		
        location ~* \.(txt|js|css)$ {		
	        add_header Pragma public;	
		add_header Cache-Control "public, must-revalidate, proxy-revalidate";
		access_log off;
		expires 30d;
		break;
        }		
}

Alright.

So two fixes:

  • Remove the first server which does nothing but cause a redirect loop
  • Update server_name of the bottom server with both versions of the domain.

Here’s the full updated config file:

server {		
	listen 80;	
		
	server_name hakicooks.com www.hakicooks.com;	
	rewrite ^(.*) https://hakicooks.com$1 permanent;	
}		
		
server {		
	listen 443 ssl;	
		
    	# access_log off;	
	access_log /home/www.hakicooks.com/logs/access.log;	
    	# error_log off;	
    	error_log /home/www.hakicooks.com/logs/error.log;	
		
    	root /home/www.hakicooks.com/public_html;	
	index index.php index.html index.htm;	
    	server_name hakicooks.com www.hakicooks.com;	
		# SSL
	ssl_certificate /etc/letsencrypt/live/hakicooks.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/hakicooks.com/privkey.pem;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
	ssl_prefer_server_ciphers on; 
	ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

        # Improve HTTPS performance with session resumption
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 1d;

        # DH parameters
        ssl_dhparam /etc/nginx/ssl/dhparam.pem;
        # Enable HSTS
        add_header Strict-Transport-Security "max-age=31536000" always;
		
	# Custom configuration	
	include /home/www.hakicooks.com/public_html/*.conf;	
 		
    	location / {	
		try_files $uri $uri/ /index.php?$args;
	}	
 		
    	location ~ \.php$ {	
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
        	include /etc/nginx/fastcgi_params;	
        	fastcgi_pass 127.0.0.1:9000;	
        	fastcgi_index index.php;	
		fastcgi_connect_timeout 300;
		fastcgi_send_timeout 300;
		fastcgi_read_timeout 300;
		fastcgi_buffer_size 32k;
		fastcgi_buffers 8 16k;
		fastcgi_busy_buffers_size 32k;
		fastcgi_temp_file_write_size 32k;
		fastcgi_intercept_errors on;
        	fastcgi_param SCRIPT_FILENAME /home/www.hakicooks.com/public_html$fastcgi_script_name;	
    	}	
		
	# Disable .htaccess and other hidden files	
	location ~ /\.(?!well-known).* {	
		deny all;
		access_log off;
		log_not_found off;
	}	
		
	location = /favicon.ico {	
		log_not_found off;
		access_log off;
	}	
		
	location = /robots.txt {	
		allow all;
		log_not_found off;
		access_log off;
	}	
		
	location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|eot|svg|ttf|woff)$ {	
		gzip_static off;
		add_header Pragma public;
		add_header Cache-Control "public, must-revalidate, proxy-revalidate";
		access_log off;
		expires 30d;
		break;
        }		
		
        location ~* \.(txt|js|css)$ {		
	        add_header Pragma public;	
		add_header Cache-Control "public, must-revalidate, proxy-revalidate";
		access_log off;
		expires 30d;
		break;
        }		
}

Edits: dumb forum formatting, I give up trying to get it to do the right thing.
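Added example, not part of any post in this thread: a small Python audit that reproduces both failures discussed above (a certificate name that no `listen 443` block claims, and an HTTPS block that redirects to a host it serves itself). The function names and finding labels are hypothetical, and the sample is the posted config trimmed to the directives that matter.

```python
import re

# Constructed sample: the config posted in the thread, trimmed to routing directives.
POSTED = """
server {
    listen 443 ssl;
    server_name www.hakicooks.com hakicooks.com;
    rewrite ^(.*) https://hakicooks.com$1 permanent;
}
server {
    listen 80;
    server_name hakicooks.com www.hakicooks.com;
    rewrite ^(.*) https://hakicooks.com$1 permanent;
}
server {
    listen 443 ssl;
    server_name www.hakicooks.com;
    location / { try_files $uri $uri/ /index.php?$args; }
}
"""

def server_blocks(conf):
    """Yield the body of every server { } block, matching nested braces."""
    conf = re.sub(r"#.*", "", conf)                       # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def args(block, directive):
    """All arguments of a directive, e.g. every name on every server_name line."""
    found = re.findall(rf"(?<![\w$]){directive}\s+([^;]+);", block)
    return [a for line in found for a in line.split()]

def audit(conf, cert_names):
    """Return sorted (finding, hostname) pairs for the names on one certificate."""
    findings, claimed = set(), set()
    for block in server_blocks(conf):
        if not any(a == "ssl" or a.endswith("443") for a in args(block, "listen")):
            continue                                       # plain-HTTP block
        names = set(args(block, "server_name"))
        findings |= {("shadowed", n) for n in names & claimed}  # first block wins
        claimed |= names
        redirects = " ".join(args(block, "rewrite") + args(block, "return"))
        findings |= {("redirect-loop", t) for t in
                     re.findall(r"https://([^/$\s;]+)", redirects) if t in names}
    # Names no TLS block claims are answered by the port's default server and its cert.
    findings |= {("default-server-cert", n) for n in set(cert_names) - claimed}
    return sorted(findings)
```

Run `audit()` with the names from `certbot-auto certificates`; an empty list means every certificate name reaches a TLS block that does not redirect to itself.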


Thank you so much, you saved my life :)!
Last question for the day, please.
I already have rewrite ^(.*) https://hakicooks.com, so why is my URL still https://www.hakicooks.com/?
Do I need to add any extra code?
Thank you in advance

WordPress is performing the redirect from hakicooks.com to www.hakicooks.com, not nginx.

I think if you want to do the other way around, you will need to change it inside WordPress (after locating the right setting/plugin).

Thank you so much for your valuable information.
I hope you have a good week ahead.
Once again thank you.
