If I go to mydomain.com it will redirect to https://mydomain.com, the same is true for any other http connection. However, if I type https://www.mydomain.com/ I will get a browser warning of "Your connection is not secure".
server {
    listen 80;
    listen [::]:80;
    server_name mydomain.com www.mydomain.com *.mydomain.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    include snippets/ssl-mydomain.com.conf;
    include snippets/ssl-params.conf;
    root /var/www/mydomain.com/html;
    index index.html index.htm index.nginx-debian.html;
    server_name mydomain.com;
    location ~ /.well-known {
        allow all;
    }
    location / {
        try_files $uri $uri/ =404;
    }
}
I’ve tried adding the listen 443 to the first server tag but that didn’t resolve anything. Any help is appreciated :)
@ariziragoran
When it comes to WildCards, the only way to truly support them without buying a specific certificate would be to manually hand-key all the domains and run them through the Let’s Encrypt / CertBot.
You can buy a WildCard SSL Certificate from NameCheap – they run $94-$99 / year. These types of certificates don’t have the same limitations, so you’d generate it once and it’d be valid for one domain, but any number of sub-domains.
i.e.
The downside there is, of course, that you have to pay for the SSL Certificate each year. The upside, you don’t have to key in each sub-domain / sub-domain variation when you add a new one.
You could still use Let’s Encrypt / CertBot for domains that don’t need WildCards, but to truly support WildCards and not have to go through all the hassle, purchasing the certificate is the only way right now.
@ariziragoran
When you generate an SSL certificate, you must include domain.com and www.domain.com – this is especially true with Let’s Encrypt / CertBot.
If you only specified domain.com when generating the SSL certificate, you’ll need to run it again and include both versions of the domain. This applies for all domains that you generate certificates for.
i.e. when passing -d, you’ll want:
The only thing Let’s Encrypt / CertBot doesn’t support is WildCards, so you can’t pass:
… at least not yet :-) (not sure if they plan to add this in the future).
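An added example, not part of the question or either answer above: a small Python check of which hostnames a certificate's subject alternative names (SANs) cover, using the rule that a wildcard stands for exactly one left-most label. The SAN lists and the `blog.` and `a.b.` hostnames are constructed sample data.

```python
# Added example: which hostnames does a certificate's SAN list cover?
# All SAN lists and the blog./a.b. hostnames are constructed sample data.

def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' may stand only for the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        # A wildcard never matches zero labels (the bare domain)
        # or more than one label (a.b.mydomain.com).
        return False
    if p_labels[0] == "*":
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "w*.mydomain.com" are treated as literals.
    return p_labels == h_labels


def uncovered(sans, hostnames):
    """Hostnames that no SAN entry covers; these produce the browser warning."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


def names_from_cert(cert: dict):
    """DNS SANs from the dict returned by ssl.SSLSocket.getpeercert()."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


# Hostnames a visitor may type directly with https://
HOSTNAMES = ["mydomain.com", "www.mydomain.com", "blog.mydomain.com"]

# Constructed certificates in getpeercert() shape.
CERT_APEX_ONLY = {"subjectAltName": (("DNS", "mydomain.com"),)}
CERT_APEX_AND_WWW = {"subjectAltName": (("DNS", "mydomain.com"),
                                        ("DNS", "www.mydomain.com"))}
CERT_WILDCARD_ONLY = {"subjectAltName": (("DNS", "*.mydomain.com"),)}

if __name__ == "__main__":
    for label, cert in [("apex only", CERT_APEX_ONLY),
                        ("apex + www", CERT_APEX_AND_WWW),
                        ("wildcard only", CERT_WILDCARD_ONLY)]:
        missing = uncovered(names_from_cert(cert), HOSTNAMES)
        print(f"{label}: not covered -> {missing or 'none'}")
```

To check a live server instead of the sample data, pass the result of `getpeercert()` from a verified `ssl` connection to `names_from_cert`.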