Redirect with LetsEncrypt Certbot certificates not working


#1

I am trying to set up HTTPS access on 2 servers using Certbot certificates. I am new to this. Here is my situation: I have two servers running:

a. www.example1.com on ip address A - runs Ubuntu/Apache (wordpress install)
b. www.example2.com on ip address B - runs Ubuntu/Nginx

I have just set up HTTPS Let's Encrypt/Certbot certificates for both servers, following the DigitalOcean tutorials for Apache here and for Ubuntu Nginx here. Subsequently I am able to access both www.example1.com and www.example2.com by keying in the domains in the address bar.

  1. Problem 1 - when I try to access example2.com by keying in the IP address I get an nginx 404 not found error (the domain name returns the site perfectly).

  2. In the domain example1.com I have set up a subdomain login.example1.com that I am trying to redirect to IP address B (www.example2.com); this redirect is also returning the same nginx 404 not found error page.

The nginx conf file for the example2.com server is below.

server {

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /srv/www/example2.com;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name example2.com www.example2.com login.example1.com;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    location /api/testprint {
        proxy_pass http://localhost:9001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/setyourtest.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/setyourtest.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.example2.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = example2.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 default_server;
    listen [::]:80 default_server;

    server_name example2.com www.example2.com;
    return 404; # managed by Certbot
}

#2

Hi,

This question is a little bit out of scope…(should be asked in server fault etc…)

For the error message on the first domain (directly accessed by IP), it’s normal to see a 404 since I guess you do not have a “default_server” derivative… And you should not use an IP address to visit a page since it would almost never be secured by a valid certificate (except some “IP” certificates)

Which server do you point the login.example1.com to?

According to your configuration, you should point that domain to the second server.

Also, the vHost for the second server does not include login.example1.com in the HTTP version, which means it will return an error message for http://login.example1.com

Thank you


#3

@stevenzhu many thanks for your feedback, it was very helpful. I was able to get the redirect working by adding login.example1.com in the conf file.
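
The layout this thread converges on, written out as an added example (not the poster's actual file): named hosts, including login.example1.com, get an explicit HTTP-to-HTTPS redirect, and separate catch-all blocks handle requests made by IP address or with an unlisted Host header. Hostnames and certificate paths are copied from the post; the `server_name _` catch-all, the IPv6 443 listeners and the `ssl_reject_handshake` block (nginx 1.19.4 or later) are assumptions, and the `/api/testprint` proxy location is left out for brevity.

```nginx
# Added example, not the poster's file. Hostnames and certificate paths are
# copied from the thread; everything else is an assumption.

# Port 80 catch-all: requests by IP address or with an unlisted Host header.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;          # matches no real name; default_server does the work
    return 404;
}

# Port 80 for the real names: one redirect replaces the per-host "if" blocks.
server {
    listen 80;
    listen [::]:80;
    server_name example2.com www.example2.com login.example1.com;
    return 301 https://$host$request_uri;
}

# Port 443 catch-all (assumption: nginx 1.19.4+ for ssl_reject_handshake).
# Refuses the TLS handshake when the SNI name is missing or unlisted,
# so no certificate is presented for IP-based or unknown-host requests.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_reject_handshake on;
}

# Port 443 for the real names.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example2.com www.example2.com login.example1.com;
    root /srv/www/example2.com;
    index index.html index.htm index.nginx-debian.html;

    ssl_certificate     /etc/letsencrypt/live/setyourtest.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/setyourtest.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        try_files $uri $uri/ =404;
    }
}
```

The certificate referenced above must also list login.example1.com as a name, otherwise the redirect ends at a browser name-mismatch warning. Validate the file with `nginx -t` before reloading.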


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.