I’m using nginx as a reverse proxy for multiple node.js services.
I have a landing page @ naked and www
I have a few other services running using predefined sub-domains
Everything else (wildcard) is handled by a web app (multi-tenant app…)
I would like to add SSL support for my landing page only.
I have separated my landing page to a different virtual host.
How do I take it from here?
Should I install python-certbot-nginx or another version?
How can I set up without disrupting my current config?
I’m worried that running the default sudo certbot --nginx would modify my config in such a way that it wouldn’t work anymore.
There is a distinction between authenticator and installer. You may authenticate with the nginx-plugin but without certbot modifying any configuration at all.
Even after reading the documentation, it’s unclear to me what certbot --nginx actually does.
How can I run certbot --nginx to target only one virtual host and @ and www?
Just define a location-block which matches /.well-known/acme-challenge/ and point this to a real directory (root /path/to/directory).
There are plenty of examples here, just search for it (I don’t use nginx).
In /path/to/directory you should then create the directories .well-known/acme-challenge.
certbot would then be invoked with --webroot -w /path/to/directory -d domain,www.domain
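The three steps from the answer above (location block, challenge directory, webroot invocation), written out as an added example that is not part of the original thread. The webroot path, the snippet path and the example.com names are assumptions, and the script expects an `include` line for the generated snippet to be added by hand to the landing page's port-80 server block only.

```shell
#!/bin/sh
# Added example: webroot-based issuance for a single nginx virtual host.
# All paths and domain names below are placeholders (assumptions).
WEBROOT="${WEBROOT:-/var/www/letsencrypt}"
SNIPPET="${SNIPPET:-/etc/nginx/snippets/acme-challenge.conf}"
DOMAINS="${DOMAINS:-example.com www.example.com}"

# Create the challenge directory certbot writes its token files into.
prepare_webroot() {
    mkdir -p "$1/.well-known/acme-challenge"
}

# Write a location block that serves only the challenge path from the
# webroot. "^~" keeps regex locations in the same server block from
# taking over the request; everything else still goes to the proxy.
write_snippet() {
    cat > "$2" <<EOF
location ^~ /.well-known/acme-challenge/ {
    root $1;
    default_type text/plain;
    try_files \$uri =404;
}
EOF
}

# Build the certbot command line. "certonly" obtains the certificate
# without installing it, so certbot does not edit any nginx file.
certbot_command() {
    cmd="certbot certonly --webroot -w $1"
    shift
    for d in "$@"; do cmd="$cmd -d $d"; done
    printf '%s\n' "$cmd"
}

# Run the steps only when called with "apply" (needs root). The include
# line for $SNIPPET must already be in the landing page's server block.
if [ "${1:-}" = "apply" ]; then
    prepare_webroot "$WEBROOT"
    write_snippet "$WEBROOT" "$SNIPPET"
    nginx -t && nginx -s reload   # never reload a config that fails the test
    # Word splitting of the built command and of $DOMAINS is intended here.
    $(certbot_command "$WEBROOT" $DOMAINS) --dry-run
fi
```

Drop `--dry-run` once the test run succeeds; the issued certificate then still has to be referenced from the landing page's own 443 server block, which leaves the sub-domain and wildcard hosts untouched.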