Nginx, multiple domains, multiple certificates / wildcard certificate

Can someone point me to a guide for nginx to serve multiple domains and multiple certificates?

I can only find guides that tell you how to serve one domain.

In particular I issued a wildcard certificate * but the browser says it is insecure. The cert in browser says “issued to *”

I have multiple virtualhosts in nginx with their own configuration and server blocks.

Basically like this:

# Redirect to HTTPS
server {
    if ($host = {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;

    return 301$request_uri;
}

server {
    listen 443 ssl http2;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;

    # Change to corresponding location
    root /home/http/;

    # Change virtual host if needed
}

What part am I not understanding?

Do I need ONE certificate on the entire server containing EVERY single domain hosted by it?


I see in your nginx configuration you’re using a subdomain two levels deep: Unfortunately, the wildcard in a wildcard certificate is only valid for one level.

I.e., if you have a cert for * that cert is only valid for, not! If you want a (wildcard) cert valid for too, you’d need a cert containing (among others possibly) * Note that you aren’t allowed to use two wildcards in a wildcard certificate. I.e., *.* isn’t allowed.

These aren’t Let’s Encrypt rules, but the rules every CA has to adhere to, the CA/Browser Forum Baseline Requirements.


Thank you. I extended the certificate to * and it works.
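
The one-label wildcard rule from the answer above, as an added example that is not part of the original thread: it checks which nginx server names a certificate's SAN entries actually cover. The function names and the example.com hostnames are constructed for illustration, and partial wildcards such as `w*.example.com` are treated as non-matching here.

```python
# Added example: hostnames under example.com are constructed placeholders.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate dNSName entry covers hostname.

    A wildcard is honoured only as the entire leftmost label and
    stands for exactly one label, so it never spans a dot.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # Same number of labels is required: "*" cannot absorb extra levels.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Only one wildcard is allowed; the rest must match exactly.
        return "*" not in p_labels[1:] and p_labels[1:] == h_labels[1:]
    # No leftmost wildcard: literal comparison only (assumption: partial
    # wildcards like "w*" are rejected rather than expanded).
    return "*" not in pattern and p_labels == h_labels


def uncovered(server_names, sans):
    """List the server names that no SAN entry in the certificate covers."""
    return [n for n in server_names
            if not any(san_matches(s, n) for s in sans)]


if __name__ == "__main__":
    # Constructed virtual hosts, one of them two levels deep.
    vhosts = ["example.com", "www.example.com", "app.dev.example.com"]
    print(uncovered(vhosts, ["*.example.com"]))
    print(uncovered(vhosts, ["example.com", "*.example.com",
                             "*.dev.example.com"]))
```

Any name the first call reports needs its own SAN entry (or a wildcard at the right level) in the certificate referenced by that server block.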