Browsing domain without hostname gets 404

My domain is:

I ran this command: I installed a cert for

When i try to remotely access, the error I get in nginx access.log is 404 for /

I have this in sites-available/nginx...

server {
server_name localhost;

And certbot added this...

server {
if ($host = {
return 301 https://$host$request_uri;
} # managed by Certbot

    listen 80;
    server_name localhost;
return 404; # managed by Certbot

It produced this output: browsing works for http and https for, but gets error 404 for i have DNS A record for both AND Do I have to get a wildcard certificate, or what am I missing? The error seems to be inside nginx, not dns.

My web server is (include version): nginx 1.18

The operating system my web server runs on is (include version): ubuntu 20.04

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.18

Only covers the WWW name.
You can also repeat that for the base domain:

if ($host = {
return 301 https://$host$request_uri;
} # base domain

have it always redirect, with:
return 301 https://$host$request_uri;
[removing the IF statement altogether]
If you chose this path, then also remove the line:

1 Like

Thank you. I did that, and it works technically, but the user gets a massive warning page to GO BACK because the requested domain name doesn't match the cert.
What is the recommended way to get a certificate for BOTH AND

Please show the output of:
certbot certificates
& also
sudo nginx -T

More or less:
certbot --nginx -d ","
[adjust accordingly to as you obtained the single named cert]

Then once you have obtained a cert with both names, we have to ensure nginx is using that new cert.
If so, then we can delete the old single named cert.

1 Like

Awesome. Thank you @rg305. certbot --nginx -d "," worked brilliantly and instantly! It asked me if I wanted to "expand and replace" the existing certificate.

1 Like

Yeah! certbot uses AI from the future and was backported to be used by us mere mortals - LOL
Joking aside, the guys and gals that do the work on certbot are the ones that deserve the real thanks.
I'm just an usher in their show.

Cheers from Miami :beers:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.