Letsencrypt non ssl domain showing to ssl domain home page

I have 6 domains on my VPS server. Of those, 4 domains have Let's Encrypt SSL and two domains don't have SSL since the client doesn't want it.

For example, an SSL domain:

https://john.com

For example, a non-SSL domain:

http://alex.com

Here I have a problem with alex.com. If I access alex.com with https (https://alex.com), it shows the john.com home page.

Can anyone help me fix this?

I am using CentOS 7 and nginx.

john.com site available

server {
    server_name john.com www.john.com;
    root /var/www/john.com/public;
    #charset koi8-r;
    #access_log /var/log/nginx/host.access.log main;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
        index  index.php index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    listen 80; # managed by Certbot

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.john.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.john.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.john.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = john.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen       80;
    server_name  john.com www.john.com;
    return 404; # managed by Certbot
}


That’s normal if both hostnames are situated on the same server and you’re using name based virtualhosts. Due to how TLS works, without SNI a TLS connection has to be established before the server can know the hostname of the virtualhost. Therefore, again, without SNI, it has to send some certificate to establish the TLS connection. Most of the time, webservers just use the certificate of the default virtualhost. In Apache, that’s the first <VirtualHost> section Apache comes across. In nginx, you can specify default_server after a listen directive. Otherwise, it uses the first server block it comes across.

So, if “alex.com” and “john.com” are on the same server, but “alex.com” doesn’t have an HTTPS server block associated with it, the server will take the default (or first) server block for the HTTPS connection, which might be “john.com”.

This is normally only an issue if the user manually types https:// in the address bar. Solution: don’t do that or convince your clients to use SSL.


Thank you for the suggestion. I have one more query. My server john.com is still not redirecting from http to https either. I tried many solutions but they are not working.


Looks like you have two server blocks for john.com. Both with a listen 80 in it. I’m guessing (but I’m not very experienced with nginx) the redirects in the second server block (with a listen 80 too) are never reached.

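An added example, not code from the thread: a small Python audit of the two behaviours the replies describe, reporting which server block answers on 443 for a hostname that only has a port 80 block, and which hostnames are declared twice on the same port. It assumes exact `server_name` entries and a single listen address; `SAMPLE` is a constructed config modelled on the one posted above, and all function names are hypothetical.

```python
import re
# Constructed sample mirroring the thread: john.com has TLS, alex.com is HTTP-only.
SAMPLE = """
server { server_name john.com www.john.com; listen 80; listen 443 ssl; }
server { listen 80; server_name john.com www.john.com; return 404; }
server { listen 80; server_name alex.com; }
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def port(arg):  # '443' or '[::]:443' -> 443; no port given -> nginx default 80
    tail = arg.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else 80

def parse(conf):
    """One dict per server block: exact names, listen ports, default_server ports."""
    out = []
    for body in server_blocks(re.sub(r"#.*", "", conf)):  # drop comments first
        names = [n for v in re.findall(r"\bserver_name\s+([^;]+);", body) for n in v.split()]
        listens = [v.split() for v in re.findall(r"\blisten\s+([^;]+);", body)]
        out.append({"names": names, "ports": {port(a[0]) for a in listens},
                    "defaults": {port(a[0]) for a in listens if "default_server" in a}})
    return out

def https_fallbacks(conf):
    """Map each HTTP-only hostname to the names of the block that answers it on 443:
    the default_server block if one exists, otherwise the first block on that port."""
    blocks = parse(conf)
    tls = [b for b in blocks if 443 in b["ports"]]
    if not tls:
        return {}
    fallback = next((b for b in tls if 443 in b["defaults"]), tls[0])
    covered = {n for b in tls for n in b["names"]}
    return {n: fallback["names"] for b in blocks if 80 in b["ports"]
            for n in b["names"] if n not in covered}

def duplicate_names(conf, port_no=80):
    """Hostnames declared by more than one server block on the same port."""
    seen, dupes = set(), set()
    for b in parse(conf):
        for n in (b["names"] if port_no in b["ports"] else []):
            (dupes if n in seen else seen).add(n)
    return sorted(dupes)
```

For names reported by `duplicate_names`, nginx keeps the first declaration and logs a "conflicting server name ... ignored" warning for the later one, which `nginx -t` also prints.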
