I encrypted subdomains following the
and checked the txt records using
https://mxtoolbox.com/SuperTool.aspx?action=txt%3A_acme-challenge.example.comxxx#
but api.example.com is not showing encrypted, i.e., rendering not secured.
In the Nginx configuration, it is set as follows:
if ($host ~ ^[^.]+\.example\.com$) {
return 301 https://$host$request_uri;
} # managed by Certbot
So, it should be working, but not. What’s missing here?
Thanks
Hi @allison9y
checked your main domain there is a new wildcard certificate ( https://check-your-website.server-daten.de/?q=livelang.sydney ):
CN=livelang.sydney
07.06.2019
05.09.2019
expires in 86 days
*.livelang.sydney, livelang.sydney - 2 entries
But checking your subdomain no https is configured ( https://check-your-website.server-daten.de/?q=api.livelang.sydney ):
| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| • http://api.livelang.sydney/ | ||||
| 3.13.97.72 | 200 | 0.260 | H | |
| • https://api.livelang.sydney/ | ||||
| 3.13.97.72 | -2 | 1.374 | V | |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 3.13.97.72:443 | ||||
| • http://api.livelang.sydney/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | ||||
| 3.13.97.72 | 404 | 0.253 | A | |
| Not Found | ||||
| Visible Content: 404 Not Found nginx/1.14.0 (Ubuntu) |
So add a port 443 vHost that uses the wildcard certificate.
What doesn’t it mean no https are configured. How can I configure this? Where?
in nginx.conf (or a file included in nginx.conf)
you should already have a 'server' directive in it else your http would not be served.
You have to add another with something like
server {
listen *:443 ssl http2;
ssl_certificate /path/to/fullchain.pem;
ssl_certificate_key /path/to/privkey.pem;
(...see nginx doc and tutorials...)
That's what @JuergenAuer is referring to when he is writing about 'vHost' (that's more an Apache term)
Thanks.
This api.example.com uses a different IP address to the main www.example.com. Thus do I have to configure the 443 server in as
server {
listen *:443 ssl http2;
server_name www.example.com
…
}
I gather that
13.xxx.xxx.xxx has to have a https directive but there is no certificates for the IP address. Does that mean that the IP has to be encrypted as well?
Yes the server_name directive should match your server name (duh.)
And the rest should look similar to your http (port 80) server section; with the addition of ssl directives of course (I did not look precisely but it’s certain that at least ssl_certificate and ssl_certificate_key directive should be present and point at your certificates - other directives can be present such as ssl_protocols, ssl_ciphers, and others but I’m not sure these are mandatory)
Normally you don’t use certificates with IP addresses (you don’t use pure IP addresses at all in modern Web)
I have no idea of what you could mean by that. No one is encrypting localhost.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.