Multiple certificates for multiples domains with Nginx


#1

Hi,
I have several domains on a dedicated server with a public IP.
OS : Ubuntu Server 16.04 with Nginx 1.10
I want to have a Let’s Encrypt Certificate for each domain.
cd /opt/letsencrypt
./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/notes -d notespourdemain.com -d www.notespourdemain.com

This first certificate works.
His server block

server {
	listen 80;
	listen [::]:80;
	server_name notespourdemain.com www.notespourdemain.com;
	return 301 https://$server_name$request_uri;
}
server {
	listen 443 ssl;
	listen [::]:443 ssl;

	ssl on;
        ssl_certificate 	/etc/letsencrypt/live/notespourdemain.com/fullchain.pem;
        ssl_certificate_key 	/etc/letsencrypt/live/notespourdemain.com/privkey.pem;

	ssl_dhparam /etc/ssl/certs/dhparam.pem;
	root /var/www/notes;
	index index.php;

It’s ok for this site https://notespourdemain.com

I do the same things for the second domain
./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/jcsalomon -d jcsalomon.com -d www.jcsalomon.com
It’s ok for Let’s Encrypt, I have my /etc/letsencrypt/live/jcsalomon.com/ with the *.pem
His server block is the same.
It’s ok when I go to this siite https://jcsalomon.com
but when I want to come back to my first domain https://notespourdemain.com
I have with Firefox :

www.notespourdemain.com uses an invalid security certificate. The certificate is only valid for the following names: jcsalomon.com, www.jcsalomon.com Error code: SSL_ERROR_BAD_CERT_DOMAIN

and with Google Chrome :
NET::ERR_CERT_COMMON_NAME_INVALID

So, what is the problem ?
Can I have multiple certificates for each domain on a single web Server Nginx ?

Regards,
Pierre


Multiple certificates vs. 1
#2

Your ssl server blocks don’t have server_name set, so Nginx doesn’t know which one to use resulting in one being chosen by default. If you override the cert warning you’ll see that currently notespourdemain.com is showing the content of jcsalomon.com when accessed over https.


#3

Oh my God !!!
Thanks a lot cool110 !
Great !
Pierre


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.