Question

Insecure Connection with www for nginx

If I go to mydomain.com it will redirect to https://mydomain.com; the same is true for any other HTTP connection. However, if I type https://www.mydomain.com/ I will get a browser warning of "Your connection is not secure".

mydomain.com

server {
        listen 80;
        listen [::]:80;
        server_name mydomain.com www.mydomain.com *.mydomain.com;

        return 301 https://$server_name$request_uri;
}

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        include snippets/ssl-mydomain.com.conf;
        include snippets/ssl-params.conf;

        root /var/www/mydomain.com/html;

        index index.html index.htm index.nginx-debian.html;

        server_name mydomain.com;

        location ~ /.well-known {
                allow all;
        }

        location / {
                try_files $uri $uri/ =404;
        }
}

I’ve tried adding the listen 443 to the first server tag but that didn’t resolve anything. Any help is appreciated :)


@ariziragoran

When it comes to WildCards, the only way to truly support them without buying a specific certificate would be to manually hand-key all the domains and run them through the Let’s Encrypt / CertBot.

You can buy a WildCard SSL Certificate from NameCheap – they run $94-$99 / year. These types of certificates don’t have the same limitations, so you’d generate it once and it’d be valid for one domain, but any number of sub-domains.

i.e.

www.domain.com
my.domain.com
sub.domain.com
sub01.domain.com
etc.

The downside there is, of course, that you have to pay for the SSL Certificate each year. The upside, you don’t have to key in each sub-domain / sub-domain variation when you add a new one.

You could still use Let’s Encrypt / CertBot for domains that don’t need WildCards, but to truly support WildCards and not have to go through all the hassle, purchasing the certificate is the only way right now.

@ariziragoran

When you generate an SSL certificate, you must include domain.com and www.domain.com – this is especially true with Let’s Encrypt / CertBot.

If you only specified domain.com when generating the SSL certificate, you’ll need to run it again and include both versions of the domain. This applies for all domains that you generate certificates for.

i.e. when passing -d, you’ll want:

-d domain.com -d www.domain.com

The only thing Let’s Encrypt / CertBot doesn’t support is WildCards, so you can’t pass:

-d *.domain.com

… at least not yet :-) (not sure if they plan to add this in the future).
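
Added example (not part of either answer above, and not Certbot's or nginx's own code): a check of which hostnames a certificate's subject alternative names (SANs) cover, using the left-most-label wildcard rule that browsers apply. The function names, sample hostnames and SAN lists are constructed for illustration.

```python
# Which hostnames does a certificate's SAN list cover?
# Rule used here (RFC 6125 style, as browsers apply it): a wildcard is only
# valid as the entire left-most label and stands for exactly one label.

def san_matches(san: str, host: str) -> bool:
    """Return True if a single SAN dNSName entry covers the hostname."""
    san = san.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in san:
        return san == host
    san_labels = san.split(".")
    host_labels = host.split(".")
    # Wildcard must be the whole first label, followed by at least two labels.
    if san_labels[0] != "*" or "*" in san[1:] or len(san_labels) < 3:
        return False
    return (len(host_labels) == len(san_labels)
            and host_labels[0] != ""
            and host_labels[1:] == san_labels[1:])


def uncovered(hosts, sans):
    """Hostnames that no SAN entry covers; these produce the browser warning."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]


# Constructed sample data, using the placeholder domain from the question.
HOSTS = ["mydomain.com", "www.mydomain.com",
         "my.mydomain.com", "a.b.mydomain.com"]
CERT_APEX_ONLY = ["mydomain.com"]            # -d mydomain.com
CERT_APEX_AND_WWW = ["mydomain.com",         # -d mydomain.com -d www.mydomain.com
                     "www.mydomain.com"]
CERT_WILDCARD = ["*.mydomain.com"]           # wildcard entry only, no apex entry

if __name__ == "__main__":
    for label, sans in [("apex only", CERT_APEX_ONLY),
                        ("apex + www", CERT_APEX_AND_WWW),
                        ("wildcard only", CERT_WILDCARD)]:
        print(f"{label:14} not covered: {uncovered(HOSTS, sans)}")
```

The SAN list of a deployed certificate can be read from the output of `openssl x509 -noout -text -in <certificate file>`.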