I’m using a Certbot wildcard cert for my base domain and subdomains.
After setup, the certificate is valid for all of them. But when I access the base domain and all the subdomains, I realise that they now all serve the same files, which belong to the base domain. So the base domain and all subdomains have the same content.
I’m using Nginx. I have already declared clearly which files to serve for each domain with the ‘root’ directive.
Before this, I was using separate certificates for each domain and it was working fine; then I moved to the wildcard cert.
Also, what are the contents of the relevant nginx configuration files? Please post them in total.
I see you've manually installed the certificate. Was the above block the same before you installed the certificate? It probably wasn't, because now it's just the redirect. What exactly did you modify to install the certificate? What was the HTTP server block before you installed the certificate? Did it also contain the wildcard server_name? Or just server_name jamesisme.com? Also, what are the contents of the configuration file for the subdomain(s)?
Hi @JuergenAuer
Yes, that is the problem I want to tell you about. I don’t know why; I have already declared very clearly which folder to serve files from for the base domain and the subdomain. Their contents are totally different.
But when the server is up, they serve the same content (and the content you see belongs to the base domain; I have no idea why it serves the same for the subdomain).
According to the server_name documentation, it should not matter if there is a wild card server_name besides an exact server_name entry. The latter should be used.
@maitrungduc1410 Please post all the relevant nginx configuration files, as requested earlier. We’re pretty much guessing until you do so.
Hi @Osiris,
Here is the full nginx configuration for those 2 domains. For jamesisme.com:
server {
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name *.jamesisme.com;
    location / {
        try_files $uri $uri/ =404;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/jamesisme.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/jamesisme.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    listen 80;
    listen [::]:80;
    server_name *.jamesisme.com;
    return 301 https://$host$request_uri;
}
And webrtc.jamesisme.com:
server {
    root /var/www/html/node_react_webrtc;
    server_name *.jamesisme.com;
    more_clear_headers Server; # from nginx-extras, to disable server info in response to client
    server_tokens off; # from nginx-extras, to disable server info in response to client
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/jamesisme.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/jamesisme.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    listen 80;
    listen [::]:80;
    server_name *.jamesisme.com;
    return 301 https://$host$request_uri;
}
Oops, sorry, one more small difference is the location (this is for a Node.js app).
That's the same server_name as the server block before?!? So you have two (actually four, but let's say two) server blocks with different roots but the same server_name directives and expect your nginx to magically know which one to use?
I just changed the server_name to match exactly the domain I use, instead of using the same wildcard for both. Because I looked at this tutorial on Medium and configured it like them.
For example, for the domain webrtc.jamesisme.com:
change from server_name *.jamesisme.com to server_name webrtc.jamesisme.com
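The behaviour discussed in this thread, as an added example that is not part of any post above: a simplified Python model of how nginx picks a server block (exact name first, then the longest `*.suffix` wildcard, otherwise the first block on the port), with a check for names claimed by more than one block. The function names are hypothetical, the model ignores regex names, trailing wildcards, `default_server` and listen addresses, the configs are constructed and condensed from the thread's 443 blocks, and `server_name jamesisme.com` for the base block is an assumption (the thread only shows the webrtc change).

```python
import re

def parse_servers(conf):
    """Return one dict per server block: listen ports, server names, root."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    servers = []
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, end = 1, m.end()
        while depth and end < len(conf):  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[end], 0)
            end += 1
        body = conf[m.end():end - 1]
        names = re.search(r"\bserver_name\s+([^;]+);", body)
        root = re.search(r"\broot\s+([^;]+);", body)
        servers.append({
            "ports": set(re.findall(r"\blisten\s+(?:\[[^\]]*\]:)?(?:[\d.]+:)?(\d+)", body)),
            "names": names.group(1).split() if names else [],
            "root": root.group(1).strip() if root else None,
        })
    return servers

def conflicts(servers):
    """(port, name) pairs claimed by more than one block; nginx keeps the first."""
    seen, dup = set(), set()
    for s in servers:
        for key in ((p, n) for p in s["ports"] for n in s["names"]):
            (dup if key in seen else seen).add(key)
    return sorted(dup)

def pick_server(servers, host, port):
    """Simplified choice: exact name, longest '*.suffix', else first block on port."""
    on_port = [s for s in servers if port in s["ports"]]
    def rank(s):  # higher is better; max() keeps the earliest block on ties
        wild = max((len(n) for n in s["names"]
                    if n.startswith("*.") and host.endswith(n[1:])), default=0)
        return (host in s["names"], wild)
    return max(on_port, key=rank, default=None)

# Constructed samples, condensed from the thread's 443 blocks (TLS lines omitted).
BROKEN = """server { listen 443 ssl; server_name *.jamesisme.com; root /var/www/html; }
server { listen 443 ssl; server_name *.jamesisme.com; root /var/www/html/node_react_webrtc; }"""
FIXED = """server { listen 443 ssl; server_name jamesisme.com; root /var/www/html; }
server { listen 443 ssl; server_name webrtc.jamesisme.com; root /var/www/html/node_react_webrtc; }"""

if __name__ == "__main__":
    for conf in (BROKEN, FIXED):
        servers = parse_servers(conf)
        print(conflicts(servers), pick_server(servers, "webrtc.jamesisme.com", "443")["root"])
```

On the real server, `nginx -t` reports the same duplicate as a "conflicting server name ... ignored" warning.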