Not Secure on www


#1

I have three sites running on a linode box. All have ssl certs. All have one with www and another without. In nginx, I have the configs set up to redirect from www to without. Everything is working as it should, but when you are on any of the sites and try adding a www. in front of the name in the address bar, it shows the site not secure page. If I click on the link to go to the site anyway, it shows one of the other sites instead, with the Not Secure in the address bar.

If I rename the config file of the site it wrongly took me to, it will take me to the next one and so on, all not secure.

I have tried changing the redirect to https instead of http, but that had no effect.


#2

Hi @Brian55,

Could you please show your real domain name or at least the nginx conf you are using for one of those domains?

Cheers,
sahsanu


#3

Thanks for the reply. This is one of the sites shopvacuk.com


#4

@Brian55, now please paste your nginx conf (all server blocks) for your domains shopvacuk.com and www.shopvacuk.com, because you are not configuring the server block for port 443 and subdomain www.shopvacuk.com correctly.


#5

server {
  server_name www.shopvacuk.com;
  rewrite ^ http://shopvacuk.com$request_uri? permanent;
}

***********************************************************************
# The config file for shopvacuk.com

server {

    listen 443;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/shopvacuk.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/shopvacuk.com/privkey.pem;


    server_name shopvacuk.com;

    location / {
        proxy_pass http://localhost:3020;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

server {

    listen 80;

    server_name shopvacuk.com;

    listen [::]:80;

    return 301 https://$server_name$request_uri;
}

#6

Ok, so I would remove this part:

server {
  server_name www.shopvacuk.com;
  rewrite ^ http://shopvacuk.com$request_uri? permanent;
}

and would modify the other server blocks like this:

server {
    listen 443;
    listen [::]:443;
    server_name www.shopvacuk.com;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/www.shopvacuk.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.shopvacuk.com/privkey.pem;
    return 301 https://shopvacuk.com$request_uri;
}

server {
    listen 443;
    listen [::]:443;
    server_name shopvacuk.com;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/shopvacuk.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/shopvacuk.com/privkey.pem;
    location / {
        proxy_pass http://localhost:3020;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

server {
    listen 80;
    listen [::]:80;
    server_name shopvacuk.com wwww.shopvacuk.com;
    return 301 https://shopvacuk.com$request_uri;
}

So all the requests to http://shopvacuk.com http://www.shopvacuk.com https://www.shopvacuk.com would be redirected to https://shopvacuk.com

As you can see, I’ve added a new server block for www.shopvacuk.com which is configured to get its cert and privkey from /etc/letsencrypt/live/www.shopvacuk.com/ path (I hope that is the right path to the cert for your subdomain www.shopvacuk.com).

Cheers,
sahsanu


#7

Thanks very much, I will give it a try.

Regards


#8

It worked! Thanks again.

Cheers
Brian


#9

Hi sahsanu, unfortunately I have found that there is still a problem. If I go to Firefox and enter www.shopvacuk.com, I get the Welcome to nginx page. This is the same on the other 2 sites as well. Is there another block needed?


#10

Hi @Brian55,

Please, show the output of this command (as root):

for i in $(grep -rli 'www.shopvacuk.com' /etc/nginx/); do echo "#### Found on file $i ####"; cat "$i"; echo "####### END #######"; echo " ";done


#11

Result:

#### Found on file /etc/nginx/conf.d/shopvacuk.com.conf ####
# The config file for shopvacuk.com

server {
    listen 443;
    listen [::]:443;
    server_name www.shopvacuk.com;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/www.shopvacuk.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.shopvacuk.com/privkey.pem;
    return 301 https://shopvacuk.com$request_uri;
}

server {
    listen 443;
    listen [::]:443;
    server_name shopvacuk.com;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/shopvacuk.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/shopvacuk.com/privkey.pem;
    location / {
        proxy_pass http://localhost:3020;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

server {
    listen 80;
    listen [::]:80;
    server_name shopvacuk.com wwww.shopvacuk.com;
    return 301 https://shopvacuk.com$request_uri;
}
####### END #######

#### Found on file /etc/nginx/conf.d/www.shopvacuk.com.conf.delete ####
server {
  server_name www.shopvacuk.com;
  rewrite ^ http://shopvacuk.com$request_uri? permanent;
}

####### END #######

#12

@Brian55, I see no obvious error. /etc/nginx/conf.d/shopvacuk.com.conf is correct and /etc/nginx/conf.d/www.shopvacuk.com.conf.delete should not be loaded in nginx, since it usually loads *.conf files; even if it were loaded, redirection should be performed.

Could you please restart nginx?

If that doesn’t work I would need to review all your nginx conf so I will ask you to tar your nginx dir and send it to me privately.

tar zcvf brian55-nginx.tar.gz /etc/nginx/


#13

Unfortunately that didn’t work. How would you like me to send the list?


#14

I’ll send you a private message.


#15

Just for the record, the problem regarding subdomain www.shopvacuk.com not being redirected is because in the server conf I posted above, I wrote wwww.shopvacuk.com (4 w instead of 3 www.shopvacuk.com), so once the OP modifies the subdomain with the right number of w letters :wink: the problem would be solved.
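
Both symptoms in this thread come from a hostname that no `server_name` matches on a given port, so nginx answers from the default server for that port (another site's certificate on 443, the welcome page on 80). The check below is an added example, not part of the original posts: it lists expected host/port pairs that no server block claims. The sample config is constructed from post #11, the function names are hypothetical, and only exact names are compared (wildcard and regex `server_name` values are not evaluated).

```python
import re

# Constructed sample: the server blocks from post #11, trimmed to the
# directives that decide which block answers a request.
SAMPLE_CONF = """
server {
    listen 443;
    server_name www.shopvacuk.com;
}
server {
    listen 443;
    server_name shopvacuk.com;
    location / { proxy_pass http://localhost:3020; }
}
server {
    listen 80;
    listen [::]:80;
    server_name shopvacuk.com wwww.shopvacuk.com;
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, matching nested braces."""
    for m in re.finditer(r"(?m)^\s*server\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def listen_port(arg):
    """Port of a listen value such as '443', '[::]:80' or '127.0.0.1:8080'."""
    m = re.search(r"(?:^|:)(\d+)$", arg.split()[0])
    return int(m.group(1)) if m else 80  # an address without a port means 80

def names_by_port(conf):
    """Map each listen port to the set of server_name values declared on it."""
    ports = {}
    for body in server_blocks(re.sub(r"#.*", "", conf)):
        # a block with no listen directive is treated as port 80
        found = {listen_port(a) for a in re.findall(r"\blisten\s+([^;]+);", body)} or {80}
        names = {n for g in re.findall(r"\bserver_name\s+([^;]+);", body) for n in g.split()}
        for p in found:
            ports.setdefault(p, set()).update(names)
    return ports

def unmatched(conf, hosts, ports=(80, 443)):
    """(host, port) pairs that would be answered by the default server."""
    declared = names_by_port(conf)
    return [(h, p) for h in hosts for p in ports if h not in declared.get(p, set())]
```

Calling `unmatched(SAMPLE_CONF, ["shopvacuk.com", "www.shopvacuk.com"])` flags `www.shopvacuk.com` on port 80, the pair hidden by the `wwww` typo. On a live server the full configuration can be obtained from `nginx -T`, which prints every included file.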


#16

Fantastic!
All seems to be working.

Thanks again