Related

NGINX Config Generator Tool

Easily configure a performant, secure, and stable NGINX server.

 Learn More
how to setup subdomain on nginx ubuntu for file hosting Question Question
Best way to manage multiple domain with SSL in single droplet? Question Question

Question

Add a further ssl certificate to nginx/serverpilot multisite wordpress droplet

Posted October 19, 2017 1.8k views
NginxUbuntu

Using the great tutorials here I successfully implemented ssl certificates for a few sites on my multisite serverpilot wordpress droplet. But how to add further certificates? I have generated new certificate such that I now have a folders under /etc/letsencrypt/live called bell-computing.com (with the already working certificates) and paulmarshall.com (with the new certificate i want to add).

I have a single conf file, nginx-sp.ssl.conf, in /etc/nginx-sp/ but not sure how or even if I edit it.

Below are the contents of this file
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name bell-computing.com www.bell-computing.com;

ssl on;

# letsencrypt certificates
ssl_certificate      /etc/letsencrypt/live/bell-computing.com/fullchain.pem;
ssl_certificate_key  /etc/letsencrypt/live/bell-computing.com/privkey.pem;

    #SSL Optimization
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:20m;
ssl_session_tickets off;

    # modern configuration
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ssl_prefer_server_ciphers on;


    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; 

    # OCSP stapling 
    ssl_stapling on; 
    ssl_stapling_verify on; 

    # verify chain of trust of OCSP response 
    ssl_trusted_certificate /etc/letsencrypt/live/bell-computing.com/chain.pem;

    #root directory and logfiles 
    root /srv/users/serverpilot/apps/wordpress/wordpress_nginx/public; 

    access_log /srv/users/serverpilot/log/wordpress/wordpress_nginx.access.log main; 
    error_log /srv/users/serverpilot/log/wordpress/wordpress_nginx.error.log; 

    #proxyset 
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-SSL on; 
    proxy_set_header X-Forwarded-Proto $scheme; 

    #includes 
    include /etc/nginx-sp/vhosts.d/wordpress.d/*.nonssl_conf; 
    include /etc/nginx-sp/vhosts.d/wordpress.d/*.conf;

}

Add a comment
patbell101
By:
patbell101

Related

NGINX Config Generator Tool

Easily configure a performant, secure, and stable NGINX server.

 Learn More
how to setup subdomain on nginx ubuntu for file hosting Question Question
Best way to manage multiple domain with SSL in single droplet? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
patbell101 October 24, 2017

Found it
sudo certbot certonly –agree-tos –non-interactive –expand –email pat@bell-computing.com –webroot -w /srv/users/serverpilot/apps/wordpress/public -d paulmarshallcarpetsandflooring.bell-computing.com -d pmcarpetsandflooring.com
does the job

Reply Report
  • patbell101 October 26, 2017

    Nope, that doesn’t work. I needed to use a superset of domains apparently, did that but it still doesn’t add the new site and claims that there is an authentication error for bell-computing.com some problem with authentication a file in .well-known, which is empty. Qualys tests it ok though and it seems to have been working for weeks.

    Something to do with Cloudflare someone says on the LetsEncrypt forum but disabling that makes no difference. No solutions there, nor here it seems.

    I might put all the sites on cloudflare and use their wildcard origin TLS certificate.

    Whats the best way to clean off all my letsencrypt certificates?

    Reply Report

Related

Looking for something else?

Ask a new question Search for more help