I set up a virtual host and assigned it an SSL using:
certbot -n --nginx --redirect --post-hook "systemctl reload nginx" -d marketing.dev.youandmedigital.net
Certbot edited my nginx virtualhost file for marketing.dev.youandmedigital.net, which looks like this (and all was working fine at this point):
server {
    server_name marketing.dev.youandmedigital.net;
    include /etc/nginx/conf.d/marketing.d/main.conf;
    include /etc/nginx/default_error_messages.conf;
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/marketing.dev.youandmedigital.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/marketing.dev.youandmedigital.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = marketing.dev.youandmedigital.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name marketing.dev.youandmedigital.net;
    return 404; # managed by Certbot
}
I needed to add another domain name and SSL to marketing.dev.youandmedigital.net, so I used the --expand command to update my original certificate (full command can be seen below).
The new certificate was issued without any problems; however, it didn’t update my NGINX virtualhost file for marketing.dev.youandmedigital.net. I had to add the new domain to “server_name” manually in my config file. I guess I was expecting certbot to update my nginx virtualhost file like this, but it didn’t…
server {
    server_name marketing.dev.youandmedigital.net youandme.digital;
    include /etc/nginx/conf.d/marketing.d/main.conf;
    include /etc/nginx/default_error_messages.conf;
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/marketing.dev.youandmedigital.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/marketing.dev.youandmedigital.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = marketing.dev.youandmedigital.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = youandme.digital) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name marketing.dev.youandmedigital.net youandme.digital;
    return 404; # managed by Certbot
}
Am I going about this the right way? If I update my cert to add more domains, shouldn’t the certbot nginx plugin update my config files too? Or do I have to do this manually?
My domain is:
https://dev.youandmedigital.net
I ran this command:
certbot -n --nginx --redirect --expand --post-hook "systemctl reload nginx" -d marketing.dev.youandmedigital.net -d youandme.digital -d www.youandme.digital
It produced this output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@yam-avalon-ams3-01:~# certbot -n --nginx --redirect --expand --post-hook "systemctl reload nginx" -d marketing.dev.youandmedigital.net -d youandme.digital -d www.youandme.digital
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Cert not yet due for renewal
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/nginx/conf.d/marketing.conf
Deploying Certificate to VirtualHost /etc/nginx/conf.d/marketing.conf
Could not automatically find a matching server block. Set the `server_name` directive to use the Nginx installer.
My web server is (include version):
nginx version: nginx/1.10.3 (Ubuntu)
certbot 0.22.2
The operating system my web server runs on is (include version):
Ubuntu 16.04.4 LTS
My hosting provider, if applicable, is:
n/a
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
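The "Could not automatically find a matching server block" message in the output above asks for a `server_name` directive naming the domain. The following pre-flight check is an added example, not part of the original post and not Certbot's own matching logic: it lists which requested `-d` domains no `server_name` covers. The function names and the embedded config (a constructed, trimmed copy of the first server blocks in the post) are assumptions.

```python
import re

# Constructed sample: trimmed copy of the post's config before any manual edit.
SAMPLE_CONF = """
server {
    server_name marketing.dev.youandmedigital.net;
    listen 443 ssl; # managed by Certbot
}
server {
    listen 80;
    server_name marketing.dev.youandmedigital.net;
    return 404; # managed by Certbot
}
"""

def server_names(conf_text):
    """Return the set of names listed in every server_name directive."""
    # Drop comments first (simplification: assumes no '#' inside quoted values).
    text = re.sub(r"#[^\n]*", "", conf_text)
    names = set()
    # The lookbehind skips the $server_name variable and longer identifiers.
    for match in re.finditer(r"(?<![\w$])server_name\s+([^;{}]+);", text):
        names.update(n.lower() for n in match.group(1).split())
    return names

def name_matches(pattern, domain):
    """Exact names and leading wildcards only; regex (~) names are not handled."""
    domain = domain.lower()
    if pattern.startswith("*."):
        # '*.example.com' covers subdomains but not the bare domain.
        return domain.endswith(pattern[1:])
    if pattern.startswith("."):
        # '.example.com' covers the bare domain and its subdomains.
        return domain == pattern[1:] or domain.endswith(pattern)
    return pattern == domain

def unmatched_domains(conf_text, domains):
    """Domains that no server_name in conf_text covers, in request order."""
    names = server_names(conf_text)
    return [d for d in domains if not any(name_matches(n, d) for n in names)]

if __name__ == "__main__":
    requested = ["marketing.dev.youandmedigital.net",
                 "youandme.digital", "www.youandme.digital"]
    for d in unmatched_domains(SAMPLE_CONF, requested):
        print(f"no server block with server_name {d}")
```

To check a live configuration, feed it the full effective config, for example the text printed by `nginx -T`, so that included files are covered as well.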