On Sat, Jun 05, 2021 at 06:32:42PM -0400, forumacct wrote:

Hi there,

> I did this:
> sudo certbot --nginx -d skywatcher.space -d www.skywatcher.space -d drgert.dyndns.ws
>
> And it asked if I want to append the multiple domains into the same
> certificate which I confirmed. It created one file
> /etc/letsencrypt/live/skywatcher.space/fullchain.pem
> which has 3 sections I assume representing the three domain names. (Why do
> www.domain.com and domain.com count as two?)

My guess is that any pattern that the client should attempt to match the
hostname they chose to use against, counts as "one". So two different
strings are two.

> Then a single file in sites-enabled worked for me.
>
> vi /etc/nginx/sites-enabled/rpi3_https_2dom.conf
> # Default server configuration
> server {
>     listen 80 ;
>     listen 8000; # Alternate http port
>     root /media/usbstick/nginx/www;
>
>     # Add index.php to the list if you are using PHP
>     index index.php index.html index.htm;
>     server_name drgert.dyndns.ws skywatcher.space www.skywatcher.space; # managed by Certbot
>
>     location / {
>         # First attempt to serve request as file, then
>         # as directory, then fall back to displaying a 404.
>         try_files $uri $uri/ =404;
>     }
>
>     # pass PHP scripts to FastCGI server
>     location ~ \.php$ {
>         include snippets/fastcgi-php.conf;
>         fastcgi_pass unix:/run/php/php7.3-fpm.sock;
>     }
>
>     listen 443 ssl; # managed by Certbot
>     ssl_certificate /etc/letsencrypt/live/skywatcher.space/fullchain.pem; # managed by Certbot
>     ssl_certificate_key /etc/letsencrypt/live/skywatcher.space/privkey.pem; # managed by Certbot
>     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
>     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
> }
>
> For your experience/background is there anything in the above that is not
> yet OK?

It looks like it should work as-is.

I think that the try_files line in "location /" is probably unnecessary,
since it mostly reflects what the default is anyway.

And I think that the "# managed by Certbot" lines, once they are set up
once, probably never need to be changed if the tool is "just" renewing
the same cert in future -- all the next run of Certbot needs do is replace
the ssl_certificate file contents, and cause nginx to read the new content.
(Maybe that is what it does anyway.)

Cheers,

	f
-- 
Francis Daly        fran...@daoine.org
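
Added example, not part of the original message: a small Python sketch of the name check a TLS client applies (in the style of RFC 6125), showing why skywatcher.space and www.skywatcher.space are separate entries, plus a check that every server_name in the quoted config is covered. The name list is constructed from the certbot command above, and the function names are hypothetical.

```python
# Added example. SAN_DNS_NAMES is constructed from the three -d arguments in
# the certbot command; it was not read from the real certificate.
SAN_DNS_NAMES = ["skywatcher.space", "www.skywatcher.space", "drgert.dyndns.ws"]

# The server_name values from the quoted nginx config.
SERVER_NAMES = ["drgert.dyndns.ws", "skywatcher.space", "www.skywatcher.space"]


def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, hostname):
    """Match one certificate name entry against the hostname the client used.

    Comparison is case-insensitive and label by label. A "*" is honoured only
    as the complete left-most label and stands for exactly one label, so
    "*.example.org" covers neither "example.org" nor "a.b.example.org".
    IP addresses and internationalised names are out of scope here.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Conservative choice in this sketch: refuse wildcards directly
        # under a single label such as "*.com".
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def cert_covers(san_names, hostname):
    """True if any name entry in the certificate matches the hostname."""
    return any(name_matches(p, hostname) for p in san_names)


def uncovered(san_names, server_names):
    """Return the server_name values a client would reject for this cert."""
    return [n for n in server_names if not cert_covers(san_names, n)]


if __name__ == "__main__":
    print("uncovered names:", uncovered(SAN_DNS_NAMES, SERVER_NAMES))
    print("apex-only cert covers www:",
          cert_covers(["skywatcher.space"], "www.skywatcher.space"))
```
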