NGINX + Let's Encrypt + Subdomains CentOS 7

Could use some assistance configuring subdomains properly

My domain is: vastspace.ca

I ran this command:
https://forums.centos.org/viewtopic.php?f=48&t=73353

It produced this output:
Nginx not starting.

My web server is (include version): nginx 1.16.1

The operating system my web server runs on is (include version): CentOS 7 Updated

My hosting provider, if applicable, is: Self Hosted

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.0.0

Hi @signalsout

please check your syntax. Count { and }.

You are referring the second set of code from conf.d? I just commented them out for testing. What I would like is 80 and 443 for each subdomain to be configured properly with SSL. Every subdomain has a /var/www/html/files.vastspace.ca.

So for your second snippet, you only have a open { on server, without a closing one. You’ve commented out } on line 8…
That’s what @juergenauer tried to say.

(By the way, you should try to properly indent the configuration file for better understanding and it really helps to avoid this kind of issue, although it’ll take some effort)

Thank you

In my first snippet I have to specify a 443 and root location for my directory is what I am getting at. Configuring 443 is the issue.

It’s not. If your config file is wrong (not enough }), your configuration can’t work.

So you have to fix that error first.

Nginx not starting -> that’s the result of your syntax error.

My issue isn’t unencrypted subdomains not working, my issue is properly configuring 443 encrypted subdomains.

Your files - subdomain works - https://check-your-website.server-daten.de/?q=files.vastspace.ca#connections

Grade B, there is no problem visible. So you have fixed your “nginx not starting”.

In this case, can you help us verify two outputs?
nginx -T and nginx -t

Please also tell us what domain are you trying to configure and what’s the exact situation here (like in what step you are having issue, and what have you done)

Thank you

1 Like

Those are domains configured to point to the webserver. Stop. Just stop.

https://pastebin.com/YK13H0nk

Thanks for this output.

Which certificate do you want to use?
(e.g. a wildcard certificate that covers all subdomains with DNS-01, or a certificate that lists all hostnames)

Have you requested any certificate yet?

Thank you

yes. I want to configure subdomains with individual root dirs.

[code]# For more information on configuration, see:

* Official English Documentation: http://nginx.org/en/docs/

* Official Russian Documentation: http://nginx.org/ru/docs/

user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.

include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] “$request” ’
'$status $body_bytes_sent “$http_referer” ’
‘"$http_user_agent" “$http_x_forwarded_for”’;

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;

Load modular configuration files from the /etc/nginx/conf.d directory.

See http://nginx.org/en/docs/ngx_core_module.html#include

for more information.

include /etc/nginx/conf.d/*.conf;
###Vastspace.ca
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name vastspace.ca;
root /var/www/html/vastspace.ca;

# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;

location / {
}

error_page 404 /404.html;
    location = /40x.html {
}

error_page 500 502 503 504 /50x.html;
    location = /50x.html {
}

}
###Files.vastspace.ca
server {
listen 80;
listen [::]:80;
server_name files.vastspace.ca;
root /var/www/html/files.vastspace.ca;

# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;

location / {
}

error_page 404 /404.html;
    location = /40x.html {
}

error_page 500 502 503 504 /50x.html;
    location = /50x.html {
}

}

Settings for a TLS enabled server.

server {

listen 443 ssl http2 default_server;

listen [::]:443 ssl http2 default_server;

server_name _;

root /var/www/html/vastspace.ca;

ssl_certificate “/etc/pki/nginx/server.crt”;

ssl_certificate_key “/etc/pki/nginx/private/server.key”;

ssl_session_cache shared:SSL:1m;

ssl_session_timeout 10m;

ssl_ciphers HIGH:!aNULL:!MD5;

ssl_prefer_server_ciphers on;

# Load configuration files for the default server block.

include /etc/nginx/default.d/*.conf;

location / {

}

error_page 404 /404.html;

location = /40x.html {

}

error_page 500 502 503 504 /50x.html;

location = /50x.html {

}

}

###Vastspace.ca
server {
server_name www.vastspace.ca vastspace.ca; # managed by Certbot
root /var/www/html/vastspace.ca;

# Load configuration files for the default server block.
#include /etc/nginx/default.d/*.conf;

location / {
}

error_page 404 /404.html;
    location = /40x.html {
}

error_page 500 502 503 504 /50x.html;
    location = /50x.html {
}

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/vastspace.ca/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vastspace.ca/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
###files.vastspace.ca
server {
server_name files.vastspace.ca; # managed by Certbot
root /var/www/html/files.vastspace.ca;

# Load configuration files for the default server block.
#include /etc/nginx/default.d/*.conf;

location / {
}

error_page 404 /404.html;
    location = /40x.html {
}

error_page 500 502 503 504 /50x.html;
    location = /50x.html {
}

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/vastspace.ca/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vastspace.ca/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

##########################################################
server {
if ($host = pixel.vastspace.ca) {
return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = blog.vastspace.ca) {
return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = social.vastspace.ca) {
return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = files.vastspace.ca) {
return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = www.vastspace.ca) {
return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = vastspace.ca) {
return 301 https://$host$request_uri;
} # managed by Certbot

listen       80 ;
listen       [::]:80 ;

server_name blog.vastspace.ca www.vastspace.ca social.vastspace.ca pixel.vastspace.ca files.vastspace.ca vastspace.ca;
return 404; # managed by Certbot

}}
[/code]

[code]Unit nginx.service has begun starting up.
Feb 07 01:04:28 www nginx[20856]: nginx: [emerg] duplicate listen options for [::]:443 in /etc/nginx/nginx.conf:158
Feb 07 01:04:28 www nginx[20856]: nginx: configuration file /etc/nginx/nginx.conf test failed
Feb 07 01:04:28 www sudo[20843]: pam_unix(sudo:session): session closed for user root
Feb 07 01:04:28 www systemd[1]: nginx.service: control process exited, code=exited status=1
Feb 07 01:04:28 www polkitd[962]: Unregistered Authentication Agent for unix-process:20845:6419698 (system bus name :1.322, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (dis
Feb 07 01:04:28 www systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
– Subject: Unit nginx.service has failed
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

– Unit nginx.service has failed.
[/code]

listen 443 ssl; # managed by Certbot

Ok, So I can get subdomains loaded on 80. It was the default server string that was messing me up but I am still having issues with SSL.

listen [::]:443 ssl ipv6only=on;

remove ipv6only=on so its

listen [::]:443 ssl

I now have subdomains.

2 Likes