Certbot combining all my vhosts into the nginx.conf file

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
multiple virtual hosts

I ran this command:
sudo certbot --nginx --cert-name [mydomain].org -d [sub1].[mydomain].org,[sub2].[mydomain].org,[sub3].[mydomain].org,www.[mydomain2].com

It produced this output:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.


1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/nginx.conf <--- why all in the main config file??
Redirecting all traffic on port 80 to ssl in /etc/nginx/nginx.conf <--- why all in the main config file??
Redirecting all traffic on port 80 to ssl in /etc/nginx/nginx.conf <--- why all in the main config file??
Redirecting all traffic on port 80 to ssl in /etc/nginx/nginx.conf <--- why all in the main config file??

My web server is (include version):
nginx version: nginx/1.16.1

The operating system my web server runs on is (include version):
Fedora 32

My hosting provider, if applicable, is:
local

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.3.0

========================
All of my virtual hosts are being configured from their respective .conf files and served on http just fine. But when the certbot command runs, it is putting all of the certs and redirects into the main nginx.conf file.

I did this prior and am trying to rebuild the server and when I ran this same (I think) process it edited all of my respective [domain].conf files with the redirect and the certs.

Each of my vhosts looks like this...

server {
    listen 80 [sub].[domain].org;
    listen [::]:80 [sub].[domain].org;
    root /usr/share/nginx/html;   # <--- I tried separate roots for each one with no change

    # Load configuration files for the default server block.
    #include /etc/nginx/default.d/*.conf;   <-- I tried to comment this out with no change.

    location / {
    }

    error_page 404 /404.html;
    location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}

And my main nginx.conf looks like this:

# For more information on configuration, see:
#   * Official English Documentation: nginx documentation
#   * Official Russian Documentation: nginx: документация

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

sendfile            on;
tcp_nopush          on;
tcp_nodelay         on;
keepalive_timeout   65;
types_hash_max_size 2048;
types_hash_bucket_size 128;

include             /etc/nginx/mime.types;
default_type        application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  _;
    root         /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}

# Settings for a TLS enabled server.

server {

.

.

.

}

    include /usr/nginx/sites-enabled/*.conf;   # <--- this is where all of the vhost files are

############## everything below is the error I am talking about ##############
####### why are these all here instead of in their respective .conf files? ######
server {
server_name [sub1].[domain].org [sub2].[domain].org [sub3].[domain].org www.[domain2].com; # managed by Certbot
root /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/[domain].org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/[domain].org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
if ($host = www.[domain2].com) {
    return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = [sub3].[domain].org) {
    return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = [sub2].[domain].org) {
    return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = [sub1].[domain].org) {
    return 301 https://$host$request_uri;
} # managed by Certbot

    listen       80 ;
    listen       [::]:80 ;
server_name [sub1].[domain].org [sub2].[domain].org [sub3].[domain].org www.[domain2].com;
return 404; # managed by Certbot

}
}

I don't see a server_name directive in your vhosts?
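A check worth running before the next certbot attempt, added here as an example and not code from the thread or from Certbot: a small Python scanner over nginx config text that reports every server block with no server_name directive. Certbot's nginx plugin picks the block to edit by matching server_name against each -d name, and when nothing matches it copies the default_server block from nginx.conf, which is exactly the output above; the sample config inside is constructed, and names such as sub1.example.org are placeholders.

```python
# Added check (not from the thread): find nginx server blocks that lack a
# server_name directive. certbot --nginx selects blocks by matching
# server_name against each -d name; a block without one can never match.
import re
from typing import List, Optional

# Constructed sample: block 0 mirrors the vhost from the post (hostname in
# listen, no server_name); block 1 is the corrected form certbot can match.
SAMPLE_CONF = """
server {
    listen 80 sub1.example.org;
    listen [::]:80 sub1.example.org;
    root /usr/share/nginx/html;
    location / { }
}

server {
    listen 80;
    listen [::]:80;
    server_name sub1.example.org www.example.com;  # what certbot matches on
    root /var/www/sub1;
    location / { }
}
"""

def strip_comments(text: str) -> str:
    """Drop '#' comments so a commented-out server_name is not counted."""
    return re.sub(r"#[^\n]*", "", text)

def server_blocks(text: str) -> List[str]:
    """Return the body of every 'server { ... }' block, nesting-aware."""
    text = strip_comments(text)
    blocks = []
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:      # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        blocks.append(text[m.end():i - 1])
    return blocks

def server_names(block: str) -> Optional[List[str]]:
    """Names listed in server_name, or None when the directive is absent."""
    m = re.search(r"(?m)^\s*server_name\s+([^;]+);", block)
    return m.group(1).split() if m else None

def blocks_missing_server_name(text: str) -> List[int]:
    """Indices of server blocks certbot would never pick for a -d name."""
    return [i for i, b in enumerate(server_blocks(text))
            if server_names(b) is None]
```

Run it over each file in the sites-enabled directory; any index it returns is a block that certbot will ignore in favour of the default block in nginx.conf.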

Darn it, thank you. Thank you.
