Cannot configure HTTPS for www subdomain using nginx server blocks

September 27, 2017
Nginx Ubuntu 16.04

I want to stop this from happening
This should be redirected (to remove www) as in my server block configuration. I don't understand why, however. I have looked a lot at similar solutions on Server Fault and wonder if there is something more specific for DO.

Here is the config. Thank you for the help.

server {
    listen 80;
    listen [::]:80;
    return 301 https://$server
}

server {
    listen 443 ssl;
    listen [::]:443 ssl http2;
    include snippets/;
    include snippets/ssl-params.conf;

    root /var/www/;

    index index.html index.htm index.nginx-debian.html index.php;

    #rewrite ^$request_uri? permanent;
    #return 301 https://$server_name$request_uri;

    add_header X-Frame-Options "SAMEORIGIN";

    rewrite ^(.*)/(\d+)-([^/]+)(.*)$ $1/$3 permanent;
    rewrite ^.*\.(pptx)$ permanent;

    location ~* \.(?:css|js|gif|jpeg|jpg|png)$ {
        expires max;
        add_header Cache-Control public;
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ /.well-known {
        allow all;
    }
}


  • OK, looks like I was only doing a cert for the non-www, not the www... and perhaps the order of things happening meant that even if the www variant was not redirecting because the www was not properly I re-ran that

    You have an existing certificate that contains a portion of the domains you
    requested (ref: /etc/letsencrypt/renewal/
    It contains these names:
    You requested these names for the new certificate:,
    Do you want to expand and replace this existing certificate with the new
    (E)xpand/(C)ancel: E
    Renewing an existing certificate
    Performing the following challenges:
    tls-sni-01 challenge for
    tls-sni-01 challenge for
    Waiting for verification...
    Cleaning up challenges
    Deployed Certificate to VirtualHost /etc/nginx/sites-enabled/ for set(['', ''])
    Deployed Certificate to VirtualHost /etc/nginx/sites-enabled/ for set(['', ''])
    nginx: [emerg] "ssl_certificate" directive is duplicate in /etc/nginx/sites-enabled/
    Rolling back to previous server configuration...
    nginx restart failed:
     - We were unable to install your certificate, however, we
       successfully restored your server to its prior configuration.
     - Congratulations! Your certificate and chain have been saved at:
       Your key file has been saved at:
       Your cert will expire on 2017-12-26. To obtain a new or tweaked
       version of this certificate in the future, simply run certbot again
       with the "certonly" option. To non-interactively renew *all* of
       your certificates, run "certbot renew"
  • So now I can see I get a padlock for the www version as well. However, the redirection still has issues, i.e. it doesn't actually redirect. So there is an SEO problem rather than a nasty SSL problem, but I want to solve the reason why the www is not redirected properly.
    I have another domain that is working sweet and the config looks identical, so it is confusing.

    Edit: that other domain was using .htaccess to redirect!

    So I have now fixed them both with a separate server block to catch https://www variants.
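
The fix described in the last comment, a separate server block that catches the https://www variant, could look like the following. This is an added example, not the poster's configuration; example.com, www.example.com and the certificate paths are placeholders.

```nginx
# Added example; example.com, www.example.com and the certificate paths are
# placeholders (assumptions), not values from the original post.

# 1. Plain HTTP for both names: send everything to the canonical HTTPS host.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}

# 2. HTTPS for the www name only: this block exists just to redirect.
#    The TLS handshake completes before the redirect is sent, so the
#    certificate used here must list www.example.com as a SAN.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include snippets/ssl-params.conf;

    return 301 https://example.com$request_uri;
}

# 3. HTTPS for the canonical name: the site itself.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;

    # Declare the certificate once per server block. A second
    # ssl_certificate line in the same block (directly or via an include)
    # produces the '"ssl_certificate" directive is duplicate' error on
    # nginx versions that take a single certificate per block.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include snippets/ssl-params.conf;

    root /var/www/example.com;
    index index.html index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }
}
```

Without block 2, a request for https://www.example.com falls through to whichever 443 server block nginx treats as the default, which serves the site instead of redirecting. Run `nginx -t` before reloading to catch duplicate-directive errors like the one in the certbot output above.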
