Insecure Connection with www for nginx

If I go to it will redirect to, the same is true for any other http connection. However, if I type. I will get a browser warning of Your connection is not secure

server {
        # Plain-HTTP listener: redirect every request to HTTPS
        listen 80;
        listen [::]:80;
        server_name *;

        return 301 https://$server_name$request_uri;
}

server {
        # HTTPS listener: certificate and TLS settings come from the included snippets
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        include snippets/;
        include snippets/ssl-params.conf;

        root /var/www/;

        index index.html index.htm index.nginx-debian.html;

        location ~ /.well-known {
                allow all;
        }

        location / {
                try_files $uri $uri/ =404;
        }
}

I’ve tried adding the listen 443 to the first server tag but that didn’t resolve anything. Any help is appreciated :)



When it comes to WildCards, the only way to truly support them without buying a specific certificate would be to manually hand-key all the domains and run them through the Let’s Encrypt / CertBot.

You can buy a WildCard SSL Certificate from NameCheap – they run $94-$99 / year. These types of certificates don’t have the same limitations, so you’d generate it once and it’d be valid for one domain, but any number of sub-domains.


The downside there is, of course, that you have to pay for the SSL Certificate each year. The upside, you don’t have to key in each sub-domain / sub-domain variation when you add a new one.

You could still use Let’s Encrypt / CertBot for domains that don’t need WildCards, but to truly support WildCards and not have to go through all the hassle, purchasing the certificate is the only way right now.


When you generate an SSL certificate, you must include and – this is especially true with Let’s Encrypt / CertBot.

If you only specified when generating the SSL certificate, you’ll need to run it again and include both versions of the domain. This applies for all domains that you generate certificates for.

i.e. when passing -d, you’ll want:

-d -d

The only thing Let’s Encrypt / CertBot doesn’t support is WildCards, so you can’t pass:

-d *

… at least not yet :-) (not sure if they plan to add this in the future).
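
The name mismatch discussed in the answers above, as an added example that is not part of the original thread: given the names listed on a certificate and the hostnames the server answers for, it reports which hostnames would trigger the browser warning. The domain `example.com` and the function names are constructed placeholders, and a wildcard entry is treated as covering exactly one left-most label.

```python
# Added example: find hostnames that a certificate's name list does not cover.
# All domains are constructed placeholders, not values from the thread.

def san_matches(pattern: str, host: str) -> bool:
    """Return True if one certificate name entry covers host.

    A wildcard is honoured only as the whole left-most label and
    stands for exactly one label.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if "" in p_labels or "" in h_labels:
        return False  # empty name or empty label
    if p_labels[0] != "*":
        return p_labels == h_labels  # exact, case-insensitive match
    if len(p_labels) < 3:
        return False  # refuse "*" and "*.com"
    # Same depth, and everything after the first label identical
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def uncovered(cert_names, served_hosts):
    """Hostnames the server answers for that no certificate name covers."""
    return [h for h in served_hosts
            if not any(san_matches(n, h) for n in cert_names)]


if __name__ == "__main__":
    served = ["example.com", "www.example.com"]
    # Certificate requested with only the bare domain
    print(uncovered(["example.com"], served))                     # ['www.example.com']
    # Certificate requested with both versions of the domain
    print(uncovered(["example.com", "www.example.com"], served))  # []
    # Wildcard entry alone: the bare domain is not a sub-domain
    print(uncovered(["*.example.com"], served))                   # ['example.com']
```

The list of names on an installed certificate can be read from the `Subject Alternative Name` section of `openssl x509 -noout -text -in <certificate file>`.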