DigitalOcean droplet | Nginx, SSL, multiple domains

Hi folks,

I’ve already got an SSL certificate for the domain fito.one and would like to obtain a second SSL certificate for another domain hybrid.xyz. How do I have to set up a second Nginx server block to avoid any issue? Unfortunately, I’m not quite sure how it should be done regarding the configured port 80 and SSL 443 port.

Thank you 🙂

ubuntu@ubuntu:/etc/nginx/sites-available$ cat fito.one (working server block profile)

server {
        root /var/www/fitoone;
        index index.php index.html index.htm index.nginx-debian.html;
        server_name fito.one www.fito.one;

        location / {
                #try_files $uri $uri/ =404;
                try_files $uri $uri/ /index.php$is_args$args;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }

        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt { log_not_found off; access_log off; allow all; }
        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
            expires max;
            log_not_found off;
        }

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/fito.one/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/fito.one/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.fito.one) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = fito.one) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name fito.one www.fito.one;
    return 404; # managed by Certbot

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/fito.one/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/fito.one/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.fito.one) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = fito.one) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 default_server;
    listen [::]:80 default_server;

    server_name fito.one www.fito.one;
    return 404; # managed by Certbot
}

ubuntu@ubuntu:/etc/nginx/sites-available$ cat hybridx.xyz (current incorrect server block profile)

server {
        root /var/www/hybridx;
        listen 8080;
        listen [::]:8080;
        listen 443 ssl;
        listen [::]:443 ssl;

        index index.php index.html index.htm index.nginx-debian.html;
        server_name hybridx.xyz www.hybridx.xyz;

        location / {
                #try_files $uri $uri/ =404;
                try_files $uri $uri/ /index.php$is_args$args;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }

        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt { log_not_found off; access_log off; allow all; }
        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
            expires max;
            log_not_found off;
        }
}
2 Likes

Hi @organic

Use your existing port 80 block as a template and change the domain name. The port must be the same - port 80.

Then check your port 80 with online tools to see if that works.

Then start Certbot and let Certbot create the port 443 block.

3 Likes

Thanks for helping so quickly, mate. Nice, I was able to obtain a new certificate; however, it looks like the domains are in conflict with each other and the WordPress website doesn’t work yet 🙂

ubuntu@ubuntu:/var/www/hybridx$ sudo certbot --nginx -d hybridx.xyz -d www.hybridx.xyz

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/hybridx.xyz.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/fito.one
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/hybridx.xyz
nginx: [warn] conflicting server name "fito.one" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.fito.one" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "hybridx.xyz" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "hybridx.xyz" on 0.0.0.0:80, ignored

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/fito.one
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/hybridx.xyz
nginx: [warn] conflicting server name "fito.one" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.fito.one" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "hybridx.xyz" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "hybridx.xyz" on 0.0.0.0:80, ignored

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: https://hybridx.xyz and
https://www.hybridx.xyz

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=hybridx.xyz
https://www.ssllabs.com/ssltest/analyze.html?d=www.hybridx.xyz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/hybridx.xyz/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/hybridx.xyz/privkey.pem
   Your cert will expire on 2020-04-25. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
1 Like
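The `conflicting server name ... ignored` warnings in the Certbot output above mean that more than one `server` block claims the same name on the same listen address. The following is an added example, not code from this thread, Certbot or nginx: a simplified checker that finds such duplicates before a reload. The names `server_blocks` and `find_conflicts` are hypothetical, and the parser assumes a single config text with no `include` expansion and no braces or `#` inside quoted strings.

```python
import re
from collections import defaultdict

# Constructed sample, condensed from the fito.one blocks posted above.
SAMPLE = """
server {
    server_name fito.one www.fito.one;
    listen 443 ssl; # managed by Certbot
}
server {
    if ($host = fito.one) { return 301 https://$host$request_uri; }
    server_name fito.one www.fito.one;
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
}
server {
    listen 80 default_server;
    server_name fito.one www.fito.one;
}
server {
    listen 80; # hypothetical port-80 block for the second domain
    server_name hybridx.xyz www.hybridx.xyz;
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block (brace-matched)."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def find_conflicts(conf):
    """Return {(listen address, server_name): [block indexes]} for duplicates."""
    seen = defaultdict(list)
    for idx, body in enumerate(server_blocks(conf)):
        # nginx falls back to *:80 (as root) when a block has no listen line
        listens = re.findall(r"\blisten\s+(\S+?)[\s;]", body) or ["80"]
        addrs = {"0.0.0.0:" + a if a.isdigit() else a for a in listens}
        names = " ".join(re.findall(r"\bserver_name\s+([^;]+);", body)).split() or [""]
        for key in ((a, n) for a in addrs for n in set(names)):
            seen[key].append(idx)
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    print(sorted(find_conflicts(SAMPLE).items()))
```

On the sample it reports `fito.one` and `www.fito.one` on `0.0.0.0:443` as claimed by blocks 0 and 1, matching the first two warnings in the output above.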

Looks like I’ve just sorted it out. Somehow I removed hybridx.xyz and added a new one for foodshare.club, then it worked out right away. Thank you so much 🙂

3 Likes
