Nginx: how to get a certificate for 3 domains on a VPS

Hi Osiris, I am trying to get all 3 websites on HTTPS, and by system status I am not exactly sure what you mean by this?
Here is the result of certbot certificates:

Found the following certs:
  Certificate Name: escapingthematrix.online
    Domains: sortirdelamatrice.online escapingthematrix.online naos-soultrap.online www.escapingthematrix.online www.naos-soultrap.online www.sortirdelamatrice.online
    Expiry Date: 2023-01-27 17:41:06+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/escapingthematrix.online/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/escapingthematrix.online/privkey.pem
  Certificate Name: naos-soultrap.online
    Domains: naos-soultrap.online www.naos-soultrap.online
    Expiry Date: 2023-01-26 01:33:56+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/naos-soultrap.online/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/naos-soultrap.online/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Currently, your nginx serves the certificate with the name naos-soultrap.online for all domains, which is not what you want of course. You want to have nginx use the certificate with the name escapingthematrix.online.

Once you have all the server blocks correctly configured with the correct server_name directives, as suggested above, you could try to run certbot install --nginx --cert-name escapingthematrix.online to install the correct cert into the HTTPS blocks.

4 Likes

After trying, I get this result here:

pierre@sortirdelamatrice:/etc/nginx/sites-available$ sudo certbot install --nginx --cert-name escapingthematrix.online
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator None, Installer nginx
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/sortirdelamatrice.online.conf
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/escapingthematrix.online.conf
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/naos-soultrap.online.conf
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/escapingthematrix.online.conf
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/naos-soultrap.online.conf
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/sortirdelamatrice.online.conf
nginx: [warn] conflicting server name "naos-soultrap.online" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.naos-soultrap.online" on 0.0.0.0:80, ignored

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/sortirdelamatrice.online.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/escapingthematrix.online.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/naos-soultrap.online.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/escapingthematrix.online.conf
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/naos-soultrap.online.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/sortirdelamatrice.online.conf
nginx: [warn] conflicting server name "naos-soultrap.online" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.naos-soultrap.online" on 0.0.0.0:80, ignored

OK guys, everything is now working and all sites are now secured, but I have just one remaining question: will the renewal be automatic, or will I have to do it manually?
Thanks to all of you, I have learned a lot about certificates and now I'm a happy guy!
I cannot really mark any post as the solution since all of you guys were part of the solution.

1 Like

Depends on how you installed Certbot. Looking at the ancient version you're using, probably using apt. And looking at the files the Ubuntu 20.04 package certbot installs (Ubuntu – File list of package certbot/focal/all), there should be a systemd timer set up to automatically renew.

It's always a good idea to run certbot renew --dry-run to test the renewal.

3 Likes

Hi Osiris, OK, I will do a dry run, and should I mind the warning in the command result here?

nginx: [warn] conflicting server name "naos-soultrap.online" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.naos-soultrap.online" on 0.0.0.0:80, ignored

In addition to Osiris's comments, yes, I would look at why that is happening. Might be harmless but might cause unexpected behavior.

Run the sudo nginx -T command which shows the full nginx active conf. Just view it carefully and you will likely see a duplicate use of those names.

4 Likes

Thanks again Mike, but after looking very carefully it doesn't seem I have any duplicate, but I will look once more to be sure. All sites seem to be working fine, so maybe this will not affect anything serious, and a sudo nginx -t gives a successful result.
Regards Peter

1 Like

I think I found the duplicate, but to be honest I am not sure which one to delete from the configuration?
Here is the config:

server {

     server_name naos-soultrap.online www.naos-soultrap.online;

     root /home/pierre/public/naossoultrap;

     index index.html index.htm;

     location / {
          try_files $uri $uri/ =404;
     }

    listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/escapingthematrix.online/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/escapingthematrix.online/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot




}
server {
    if ($host = www.naos-soultrap.online) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = naos-soultrap.online) {
        return 301 https://$host$request_uri;

No, that's not the duplicate. The error is for duplicate on listening port 80 (you can have same name on other ports no problem)

So, what does this show

sudo nginx -T | grep naos
2 Likes

Hi Mike, here is the result:

pierre@sortirdelamatrice:/etc/nginx/sites-available$ sudo nginx -T | grep naos
nginx: [warn] conflicting server name "naos-soultrap.online" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.naos-soultrap.online" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/sites-enabled/naos-soultrap.online.conf:
     server_name naos-soultrap.online www.naos-soultrap.online;
     root /home/pierre/public/naossoultrap;
    if ($host = www.naos-soultrap.online) {
    if ($host = naos-soultrap.online) {
     server_name naos-soultrap.online www.naos-soultrap.online;
    if ($host = naos-soultrap.online) {
     server_name naos-soultrap.online www.naos-soultrap.online;

That output suggests that /etc/nginx/sites-enabled/naos-soultrap.online.conf contains more than what you've shown earlier. In your post a few posts up only a single if ($host = naos-soultrap.online) { with corresponding server_name is shown, but the nginx -T output shows it twice. So a duplicate. Although it could also be in a different configuration file without "naos" in it, as you're grepping on naos. So please check again without the grep part and see which file contains the duplicate server block.

4 Likes
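The check discussed above (finding which file declares the same server_name twice on one listen address) can be scripted. This is an added example, not part of the original thread or of nginx/Certbot; the sample config, its file path and the function name find_conflicts are constructed for illustration.

```python
import re
import sys
from collections import defaultdict
# Constructed sample shaped like `nginx -T` output; names and paths are made up.
SAMPLE = """\
# configuration file /etc/nginx/sites-enabled/site-a.conf:
server { listen 443 ssl; server_name a.example www.a.example; }
server {
    if ($host = a.example) { return 301 https://$host$request_uri; }
    listen 80;
    listen [::]:80;
    server_name a.example www.a.example;
}
server {
    server_name a.example www.a.example;  # no listen directive
}
"""

def find_conflicts(dump):
    """Return {(listen_addr, server_name): [file, ...]} for names declared twice.
    Simple tokenizer: assumes no braces or '#' inside quoted strings or regexes."""
    seen = defaultdict(list)
    current_file, depth, server_depth, listens, names = "?", 0, None, [], []
    for line in dump.splitlines():
        marker = re.match(r"# configuration file (.+):$", line)
        current_file = marker.group(1) if marker else current_file
        for stmt, delim in re.findall(r"([^{};]*)([{};])", line.split("#", 1)[0]):
            words = stmt.split()
            if delim == "{":
                depth += 1
                if words == ["server"] and server_depth is None:
                    server_depth, listens, names = depth, [], []
            elif delim == "}":
                if depth == server_depth:
                    # With no listen directive nginx (run as root) binds *:80.
                    for addr in listens or ["0.0.0.0:80"]:
                        for name in names:
                            seen[(addr, name)].append(current_file)
                    server_depth = None
                depth -= 1
            elif depth == server_depth and words and words[0] == "listen":
                # `80` and `*:80` become 0.0.0.0:80, the form used in the warning.
                listens.append(re.sub(r"^(?:\*:)?(\d+)$", r"0.0.0.0:\1", words[1]))
            elif depth == server_depth and words and words[0] == "server_name":
                names.extend(words[1:])
    return {key: files for key, files in seen.items() if len(files) > 1}

if __name__ == "__main__":  # usage: sudo nginx -T 2>/dev/null | python3 <this file>
    print(find_conflicts(SAMPLE if sys.stdin.isatty() else sys.stdin.read()))
```

On the sample it reports both names on 0.0.0.0:80 only; the 443 block and the [::]:80 listener do not conflict, matching the point that the same name on other ports is fine.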

Hi Osiris, you lost me here; I am not quite sure what you mean about doing it again without the grep syntax?

Just run:

3 Likes

Here it is:

pierre@sortirdelamatrice:/etc/nginx/sites-available$ sudo nginx -t
nginx: [warn] conflicting server name "naos-soultrap.online" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.naos-soultrap.online" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

The only configuration I have made and edited is the 3 server blocks that I posted in the upper section, so I really don't get the naos-soultrap conflicting server name. I didn't put this server name anywhere else, and I have verified all 3 server blocks after certbot modified them, and there is no duplicate of that name there!

That's a lowercase t, not an uppercase T and shows even less than your previous command.

4 Likes

OK, now I see the problem, since the copy/paste for some reason didn't work as expected, so here it is again, and I am not sure what to delete:

server {

     server_name naos-soultrap.online www.naos-soultrap.online;

     root /home/pierre/public/naossoultrap;

     index index.html index.htm;

     location / {
          try_files $uri $uri/ =404;
     }

    listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/escapingthematrix.online/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/escapingthematrix.online/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot




}
server {
    if ($host = www.naos-soultrap.online) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = naos-soultrap.online) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


     listen 80;
     listen [::]:80;
     server_name naos-soultrap.online www.naos-soultrap.online;
    return 404; # managed by Certbot




}
server {
    if ($host = naos-soultrap.online) {
        return 301 https://$host$request_uri;
    } # managed by Certbot



That doesn't look like a complete output of nginx -T, but it does show the duplicate HTTP server block, albeit incomplete, at the bottom.

4 Likes

Strange, could this have happened when I reinstalled the correct certificate, since I really didn't touch it at all!
So just deleting this part should fix it, right?

server {
    if ($host = naos-soultrap.online) {
        return 301 https://$host$request_uri;
    } # managed by Certbot