Question
Getting: NET::ERR_CERT_COMMON_NAME_INVALID after moving hosting from Netlify to my Droplet.
I’m in the process of moving all my Netlify domains into my DigitalOcean Droplet and wanted to make this the main one (the rest as subdomains). I already have a Node API hosted on the default sites-available.
I followed this tutorial: https://linuxize.com/post/how-to-set-up-nginx-server-blocks-on-ubuntu-18-04/
In my /var/www/ I have a folder called repetitio.co.uk which is the domain name. Within this has public_html and contains index.html and the rest of the static site pulled via Git. My API code is hosted in my Home directory under RepetitioServer.
Within my /etc/nginx/sites-available is repetitio.co.uk which has my server file which contains:
server {
    listen 80;
    listen [::]:80;
    root /var/www/repetitio.co.uk/public_html;
    index index.html;
    server_name repetitio.co.uk;
    ssl_certificate /etc/letsencrypt/live/repetitio.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/repetitio.co.uk/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/repetitio.co.uk/chain.pem;
    access_log /var/log/nginx/repetitio.co.uk.access.log;
    error_log /var/log/nginx/repetitio.co.uk.error.log;
    include snippets/ssl-params.conf;
    location ~ /.well-known {
        allow all;
    }
    location / {
        try_files $uri $uri/ =404;
    }
}
I ran certbot and got the OK and copied the certs URL as shown above. Running sudo nginx -t returns
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Now when I navigate to repetitio.co.uk I get
Your connection is not private
Attackers might be trying to steal your information from repetitio.co.uk (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
My default server file looks like:
server {
    listen 80;
    listen 127.0.01;
    listen [::]:80 ipv6only=on;
    return 301 https://$host$request_uri;
}
# HTTPS — proxy all requests to the Node app
server {
    # Enable HTTP/2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ww2.zone;
    # Use the Let’s Encrypt certificates
    ssl_certificate /etc/letsencrypt/live/ww2.zone/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ww2.zone/privkey.pem; # managed by Certbot
    # Include the SSL configuration from cipherli.st
    include snippets/ssl-params.conf;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:5000/;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
}
Should also mention that I updated my CNAME records and have my domain in DigitalOcean Dashboard pointing to my droplet.
Any help is greatly appreciated.
Harry
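Added example, not part of the original post: nginx only uses a block's ssl_certificate on a listener declared with ssl, so a name whose block listens on port 80 alone is answered on 443 by whichever block does have a TLS listener, with that block's certificate. The Python check below flags that pattern; the sample input is constructed from the two files quoted above, and the function names and the simplified parser are assumptions made for this example.

```python
import re

# Constructed input: the two site files from the post, cut down to the
# directives that decide which certificate a client is shown.
SAMPLE = """
server {
    listen 80;
    server_name repetitio.co.uk;
    ssl_certificate /etc/letsencrypt/live/repetitio.co.uk/fullchain.pem;
    location / { try_files $uri $uri/ =404; }
}
server {
    listen 443 ssl http2;
    server_name ww2.zone;
    ssl_certificate /etc/letsencrypt/live/ww2.zone/fullchain.pem; # managed by Certbot
    location / { proxy_pass http://localhost:5000/; }
}
"""

def parse_servers(conf):
    """Collect listen/server_name/ssl_certificate args per top-level server block.
    Simplified parser: assumes no quoted strings or ${var} containing { } ; #."""
    servers, depth, cur = [], 0, None
    for m in re.finditer(r"([^{};]*)([{};])", re.sub(r"#[^\n]*", "", conf)):
        words, sym = m.group(1).split(), m.group(2)
        if sym == "{":
            if depth == 0 and words == ["server"]:
                cur = {"listen": [], "server_name": [], "ssl_certificate": []}
            depth += 1
        elif sym == "}":
            depth -= 1
            if depth == 0 and cur is not None:
                servers.append(cur)
                cur = None
        elif cur is not None and depth == 1 and words and words[0] in cur:
            cur[words[0]].append(words[1:])  # directive directly inside server { }
    return servers

def tls_report(servers):
    """Names whose block sets ssl_certificate but has no 'listen ... ssl', paired
    with the server_name list of the TLS block nginx falls back to for them."""
    names = lambda s: [n for args in s["server_name"] for n in args]
    is_tls = lambda s: any("ssl" in a for a in s["listen"])
    tls = [s for s in servers if is_tls(s)]
    covered = {n for s in tls for n in names(s)}
    # Fallback is the block marked default_server, else the first TLS block.
    # (Simplification: all TLS listeners are treated as one address:port.)
    default = next((s for s in tls if any("default_server" in a for a in s["listen"])),
                   tls[0] if tls else None)
    return [(n, names(default) if default else [])
            for s in servers if s["ssl_certificate"] and not is_tls(s)
            for n in names(s) if n not in covered]
```

On the sample, `tls_report(parse_servers(SAMPLE))` returns `[("repetitio.co.uk", ["ww2.zone"])]`: the name has certificate directives but no TLS listener, and port 443 is served by the ww2.zone block.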