Browser gets served certificate for exzibyte.com when navigating to media.exzibyte.com, causing the browser to refuse to serve the website. I have separate certificates for each one because media.exzibyte.com is running Jellyfin on a VM separate from the NGINX server that is acting as a reverse proxy. exzibyte.com is on the same VM but it's a different web server instance running Heimdall, the dashboard.
My domain is: exzibyte.com
My domain with the issue is media.exzibyte.com
I ran this command:
certbot certonly --standalone -d media.exzibyte.com
certbot certonly --standalone -d exzibyte.com
It produced this output:
the typical success output
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot - 1.12.0
Have you restarted nginx recently? Your nginx coding mixes the HTTP and HTTPS server blocks. While that can work, people often get it wrong, and there are much easier and better ways to do that.
And why are you using --standalone when you have a perfectly good nginx webserver? --standalone requires nginx to be stopped, but using --nginx or --webroot uses the running nginx system so needs no downtime.
This is the 3rd very odd Jellyfin config we've seen in the last couple of days. Is there some new blog around or something for this? What reference did you use?
The Jellyfin Official Documentation says to create the jellyfin.conf in the conf.d folder. I found this odd too: Nginx | Jellyfin
Used standalone because of how the documentation on Pterodactyl creates the web server: it won't allow you to restart nginx without the SSL certificate already available, and we can't create the SSL certificate without the virtual host being available because certbot can't find the virtual host with the domain name (Pterodactyl provides a virtual host file).
I have restarted nginx (in fact, I just restarted the VM that is hosting nginx entirely, about 15 minutes ago).
That is not a fully accurate description of nginx. To start an HTTPS (port 443) server block, yes, you must have a valid cert, but you can "bootstrap" such a system with a self-signed cert. If Pterodactyl won't let you, that is a failing in it.
That sounds wrong too. Using Certbot with --nginx or --webroot needs nginx running, but it only needs an HTTP (port 80) server block active. No certs or port 443 server block are needed for these methods.
You had a dedicated HTTP server block but then commented out lines, so merged the port 80 and 443 server blocks into one.
This all just seems like poor instructions written by someone. Perhaps Pterodactyl. Do you have a link for it?
I see. Pterodactyl instructions are poor. They say "get a cert" but give no clue how to set up nginx or apache to allow getting a cert with the --nginx or --apache plug-in examples they show. It then has a detailed nginx conf relying on a cert and says "use this".
It also gives a --standalone example but doesn't describe how to stop/start nginx to do that or the implications of renewing with this method.
If you want help sorting your issue out, please show the result of this command. This is the last time I will ask. What I saw in your nginx should work, so some piece must not be as expected. This is the best place to start.
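The layout the replies describe (a dedicated port 80 block that Certbot's --webroot method can validate through, plus one port 443 block per hostname with its own certificate) could look like the following. This is an added example, not a config posted in the thread; the webroot path and both upstream addresses are assumptions.

```nginx
# Added example. Assumed values: webroot /var/www/letsencrypt,
# Heimdall at 127.0.0.1:8080, Jellyfin VM at 192.0.2.10:8096.

# Port 80: needs no certificate, so nginx can start before any cert exists.
server {
    listen 80;
    server_name exzibyte.com media.exzibyte.com;

    # HTTP-01 challenge files, written while nginx keeps running by e.g.:
    #   certbot certonly --webroot -w /var/www/letsencrypt -d media.exzibyte.com
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: nginx selects the block whose server_name matches the TLS SNI
# name. If no block matches, the default server for the port (the first one
# loaded unless default_server is set) answers with its own certificate.
server {
    listen 443 ssl;
    server_name exzibyte.com;

    ssl_certificate     /etc/letsencrypt/live/exzibyte.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/exzibyte.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:8080;      # Heimdall (assumed address)
        proxy_set_header Host $host;
    }
}

server {
    listen 443 ssl;
    server_name media.exzibyte.com;

    ssl_certificate     /etc/letsencrypt/live/media.exzibyte.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/media.exzibyte.com/privkey.pem;

    location / {
        proxy_pass http://192.0.2.10:8096;     # Jellyfin VM (assumed address)
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running `nginx -t` validates the files before a reload, and `nginx -T` prints the full configuration nginx actually loaded, which shows whether both 443 blocks are really in effect.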