Hi,
I have a issue with one of my domains. I have 4 domains in my server. However one domain’s SAN is conflicting with another domain. I deleted certificates and re-issued all of them again but the problem is still there. All of my domains works with https://www..
I ran a SSL check and only 2 variants show the SAN correctly. I will explain,
1) http://wpsnappy.com -> Shows another domain as SANs
2) https://wpsnappy.com -> Shows another domain as SANs
3) http://www.wpsnappy.com -> SSL check is okay
4) https://www.wpsnappy.com -> SSL check is okay
Why does this happen? I have 4 domains in the server, no matter how I change the installation order of those domains, it still shows only the hostingexplorer.com as SAN.
Can anyone tell me what should I do?
My domain is: wpsnappy.com
I ran this command:
To generate SSL (sudo certbot --manual -d wpsnappy.com -d "*.wpsnappy.com" --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges dns-01 certonly)
It produced this output:
My web server is (include version): Nginx
The operating system my web server runs on is (include version): Ubuntu 18.04
My hosting provider, if applicable, is: DigitalOcean
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
_az
October 16, 2018, 5:26am
2
Probably, you need to change:
server_name www.wpsnappy.com;
to
server_name wpsnappy.com *.wpsnappy.com;
1 Like
Hi @_az
I tried but then I get this
Is there anything to do with the certificate itself?
_az
October 16, 2018, 5:34am
4
No, the certificate is fine.
The problem is that nginx isn’t mapping the domain to the right certificate.
I strongly suspect that you have a wrong server_name somewhere. Did you reload nginx after fixing it?
What do these show:
sudo ss -tlnp | grep 443
grep -Ri server_name /etc/nginx
nginx -t
@_az
I ran these commands and the followings are the outputs I got
For sudo ss -tlnp | grep 443,
LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=9429,fd=14),("nginx",pid=9428,fd=14),("nginx",pid=9427,fd=14))
LISTEN 0 128 [::]:443 [::]:* users:(("nginx",pid=9429,fd=15),("nginx",pid=9428,fd=15),("nginx",pid=9427,fd=15))
For grep -Ri server_name /etc/nginx,
/etc/nginx/fastcgi_params:fastcgi_param SERVER_NAME $server_name;
/etc/nginx/nginx.conf: # server_names_hash_bucket_size 64;
/etc/nginx/nginx.conf: # server_name_in_redirect off;
/etc/nginx/nginx.conf: server_name _;
/etc/nginx/sites-enabled/wpblogsetup.com: server_name www.wpblogsetup.com;
/etc/nginx/sites-enabled/wpblogsetup.com: server_name wpblogsetup.com www.wpblogsetup.com;
/etc/nginx/sites-enabled/wpsnappy.com: server_name www.wpsnappy.com;
/etc/nginx/sites-enabled/wpsnappy.com: server_name wpsnappy.com www.wpsnappy.com;
/etc/nginx/sites-enabled/stackpartner.com: server_name www.stackpartner.com;
/etc/nginx/sites-enabled/stackpartner.com: server_name stackpartner.com www.stackpartner.com;
/etc/nginx/sites-enabled/hostingexplorer.com: server_name www.hostingexplorer.com;
/etc/nginx/sites-enabled/hostingexplorer.com: server_name hostingexplorer.com www.hostingexplorer.com;
/etc/nginx/scgi_params:scgi_param SERVER_NAME $server_name;
/etc/nginx/sites-available/wpblogsetup.com: server_name www.wpblogsetup.com;
/etc/nginx/sites-available/wpblogsetup.com: server_name wpblogsetup.com www.wpblogsetup.com;
/etc/nginx/sites-available/wpsnappy.com: server_name www.wpsnappy.com;
/etc/nginx/sites-available/wpsnappy.com: server_name wpsnappy.com www.wpsnappy.com;
/etc/nginx/sites-available/stackpartner.com: server_name www.stackpartner.com;
/etc/nginx/sites-available/stackpartner.com: server_name stackpartner.com www.stackpartner.com;
/etc/nginx/sites-available/hostingexplorer.com: server_name www.hostingexplorer.com;
/etc/nginx/sites-available/hostingexplorer.com: server_name hostingexplorer.com www.hostingexplorer.com;
/etc/nginx/fastcgi.conf:fastcgi_param SERVER_NAME $server_name;
/etc/nginx/uwsgi_params:uwsgi_param SERVER_NAME $server_name;
This is my server block for wpsnappy.com in nginx/sites-available
fastcgi_cache_path /var/www/wpsnappy.com/cache levels=1:2 keys_zone=WPSNAPPY:100m inactive=60m;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.wpsnappy.com;
ssl_certificate /etc/letsencrypt/live/wpsnappy.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wpsnappy.com/privkey.pem;
access_log /var/www/wpsnappy.com/logs/access.log;
error_log /var/www/wpsnappy.com/logs/error.log;
root /var/www/wpsnappy.com/public_html;
index index.php;
include global/restrictions.conf;
include global/cache-rules.conf;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
fastcgi_cache WPSNAPPY;
fastcgi_cache_valid 200 60m;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
server {
listen 80;
listen [::]:80;
server_name wpsnappy.com www.wpsnappy.com;
ssl_certificate /etc/letsencrypt/live/wpsnappy.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wpsnappy.com/privkey.pem;
return 301 https://www.wpsnappy.com$request_uri;
}
Do you think it has to do something with my redirection to https://www?
Thanks for the help!
_az
October 16, 2018, 6:08am
6
There's your problem. Make the change I suggested earlier:
_az:
Probably, you need to change:
server_name www.wpsnappy.com;
to
server_name wpsnappy.com *.wpsnappy.com;
2 Likes
@_az
Thank you! That fixed the problem and now I’m not getting any error. Everything is working smoothly.
Thank you again!
system
November 15, 2018, 6:13am
8
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
