Hi All
Many thanks in advance for any help.
I have a server in AWS EC2 running Ubuntu with Nginx and 10+ domains. All was working fine until I wanted to add a new domain with SSL.
I used the wrong setup, which said I needed to stop the Nginx service, which for some reason deleted my /etc/nginx/sites-available/ directory, so I lost all my domain config files.
I have recreated the config files as I thought I had done before for both SSL and non-SSL domains. The SSL domains seem to be working, but the non-SSL domains will not work and I get a cert error where the non-SSL domain seems to be picking up the cert from the base SSL domain.
Hope that makes sense? See the example from Google Chrome below when I try to access one of the non-SSL domains:
Your connection is not private
Attackers might be trying to steal your information from www.non-ssl-domain-1.co.uk (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
Help improve Safe Browsing by sending some system information and page content to Google. Privacy Policy
This server could not prove that it is www.non-ssl-domain-1.co.uk; its security certificate is from ssl-domain-1.co.uk. This may be caused by a misconfiguration or an attacker intercepting your connection.
Proceed to www.non-ssl-domain-1.co.uk (unsafe)
If I click on "Proceed to www.non-ssl-domain-1.co.uk (unsafe)" it then redirects me to ssl-domain-1.co.uk.
Could someone take a look at my config files and let me know where I'm going wrong, please?
SSL nginx config file for one of the domains:
    server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        server_name ssl-domain-1.co.uk www.ssl-domain-1.co.uk;
        include /etc/nginx/snippets/letsencrypt.conf;
        location / {
            return 301 https://www.ssl-domain-1.co.uk$request_uri;
        }
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name ssl-domain-1.co.uk;
        ssl_certificate /etc/letsencrypt/live/ssl-domain-1.co.uk/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/ssl-domain-1.co.uk/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/ssl-domain-1.co.uk/fullchain.pem;
        include /etc/nginx/snippets/ssl-params.conf;
        location / {
            return 301 https://www.ssl-domain-1.co.uk$request_uri;
        }
    }

    server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server ipv6only=on;
        server_name www.ssl-domain-1.co.uk;
        ssl_certificate /etc/letsencrypt/live/ssl-domain-1.co.uk/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/ssl-domain-1.co.uk/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/ssl-domain-1.co.uk/fullchain.pem;
        include /etc/nginx/snippets/ssl-params.conf;
        root /var/www/ssl-domain-1.co.uk/html;
        index index.php index.html;
        location / {
            try_files $uri $uri/ =404;
        }
        location ~ /\.ht {
            deny all;
        }
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            include /etc/nginx/fastcgi.conf;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }
    }
Non-SSL nginx config file for one of the domains:
    server {
        listen 80;
        listen [::]:80;
        root /var/www/non-ssl-domain-1.co.uk/html;
        index index.php index.html index.htm;
        server_name non-ssl-domain-1.co.uk www.non-ssl-domain-1.co.uk;
        location /xmlrpc.php {
            deny all;
        }
        location / {
            try_files $uri $uri/ /index.php$is_args$args;
        }
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            include /etc/nginx/fastcgi.conf;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }
        location ~ /\.ht {
            deny all;
            location ~ /.well-known {
                allow all;
            }
        }
        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt { log_not_found off; access_log off; allow all; }
        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
            expires max;
            log_not_found off;
        }
    }
Kind regards
Simon
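
How nginx chooses a server block for the names and ports in the configs posted above, as an added example that is not part of the original post. The config string keeps only the post's listen and server_name lines; the block labels, parse_servers and select_server are names made up for this sketch, which handles exact server names only. It shows that an HTTPS request for a name with no block on port 443 falls through to that port's default_server and is answered with that block's certificate.

```python
import re

# Constructed from the listen/server_name lines of the server blocks in the
# post; every other directive is trimmed and each block is given a label.
CONFIG = """
server { # ssl-domain-1 port 80 redirect
    listen 80 default_server;
    server_name ssl-domain-1.co.uk www.ssl-domain-1.co.uk;
}
server { # ssl-domain-1 apex 443 redirect
    listen 443 ssl;
    server_name ssl-domain-1.co.uk;
}
server { # www.ssl-domain-1 site
    listen 443 ssl http2 default_server;
    server_name www.ssl-domain-1.co.uk;
}
server { # non-ssl-domain-1 site
    listen 80;
    server_name non-ssl-domain-1.co.uk www.non-ssl-domain-1.co.uk;
}
"""

def parse_servers(text):
    """Return one dict per server block: label, {port: is_default}, names."""
    servers = []
    for label, body in re.findall(r"server\s*\{\s*#([^\n]*)\n(.*?)\n\}", text, re.S):
        listens = {}
        for args in re.findall(r"^\s*listen\s+([^;]+);", body, re.M):
            parts = args.split()
            listens[int(parts[0])] = "default_server" in parts
        names = " ".join(re.findall(r"^\s*server_name\s+([^;]+);", body, re.M)).split()
        servers.append({"label": label.strip(), "listens": listens, "names": names})
    return servers

def select_server(servers, port, host):
    """Exact names only: name match on the port, else its default_server, else first block."""
    on_port = [s for s in servers if port in s["listens"]]
    for s in on_port:
        if host in s["names"]:
            return s["label"]
    for s in on_port:
        if s["listens"][port]:
            return s["label"]
    return on_port[0]["label"] if on_port else None

if __name__ == "__main__":
    for port in (80, 443):
        print(port, select_server(parse_servers(CONFIG), port, "www.non-ssl-domain-1.co.uk"))
```

Running `nginx -T` on the server prints the configuration nginx actually loaded, which is the real input to compare against this model.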