landed
By:
landed

Cannot configure HTTPS for www subdomain using nginx server blocks

September 27, 2017 1.2k views
Nginx Ubuntu 16.04

I want to stop this from happening
https://www.site.com/articles/abc
This should be redirected (to remove www) as in my server block configuration. I don't understand why however. I have looked a lot at similar solutions on server fault and wonder if there is something more specific for DO.

here is the config thank you for help.

server {
    listen 80;
    listen [::]:80;
    server_name site.com www.site.com;
    return 301 https://$server_name$request_uri;
}

server {
        listen 443 ssl;
        listen [::]:443 ssl http2;
        include snippets/ssl-site.com.conf;
        include snippets/ssl-params.conf;

        root /var/www/site.com/html;

        index index.html index.htm index.nginx-debian.html index.php;

        server_name site.com www.site.com;
        #rewrite ^ https://site.com$request_uri? permanent;
        #return 301 https://$server_name$request_uri;

        add_header X-Frame-Options "SAMEORIGIN";

        rewrite ^(.*)/(\d+)-([^/]+)(.*)$ $1/$3 permanent;
        rewrite ^.*\.(pptx)$ https://caribbean-diving.com permanent;

        location ~* \.(?:css|js|gif|jpeg|jpg|png)$ {
                expires max;
                add_header Cache-Control public;
        }

        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
                root /usr/share/nginx/html;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location / {
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ /.well-known {
                allow all;
        }

}
2 comments
  • landed September 27, 2017

    Ok looks like I was only doing a cert for the non www not www...and perhaps the order of things happening meant that even if the www variant was not redirecting because the www was not properly certified..so I re ran that

    You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/example.com.conf)

It contains these names: example.com

You requested these names for the new certificate: example.com,
www.example.com

Do you want to expand and replace this existing certificate with the new
certificate?
-------------------------------------------------------------------------------
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for example.com
tls-sni-01 challenge for www.example.com
Waiting for verification...
Cleaning up challenges
Deployed Certificate to VirtualHost /etc/nginx/sites-enabled/example.com for set(['www.example.com', 'example.com'])
Deployed Certificate to VirtualHost /etc/nginx/sites-enabled/example.com for set(['www.example.com', 'example.com'])
nginx: [emerg] "ssl_certificate" directive is duplicate in /etc/nginx/sites-enabled/example.com:54
Rolling back to previous server configuration...
nginx restart failed:



IMPORTANT NOTES:
 - We were unable to install your certificate, however, we
   successfully restored your server to its prior configuration.
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2017-12-26. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
  • landed September 28, 2017

    So now I can see I get a padlock for the www version as well. However the redirection still has issues- ie doesn't actually redirect. So there is an seo problem rather than a nasty SSL problem but I want to solve the reason why the www is not redirected properly.
    I have another domain that is working sweet and the config looks identical so it is confusing.

    Edit that other domain was using .htaccess to redirect!

    So have now fixed them both with a separate server block to catch https://www variants..

Log In to Comment
1 Answer
kamaln7 MOD February 20, 2018

This question was answered by @landed:

So now I can see I get a padlock for the www version as well. However the redirection still has issues- ie doesn't actually redirect. So there is an seo problem rather than a nasty SSL problem but I want to solve the reason why the www is not redirected properly.
I have another domain that is working sweet and the config looks identical so it is confusing.

Edit that other domain was using .htaccess to redirect!

So have now fixed them both with a separate server block to catch https://www variants..

View the original comment

Reply
Have another answer? Share your knowledge.

Related Questions