By ariziragoran
If I go to mydomain.com it will redirect to https://mydomain.com; the same is true for any other http connection. However, if I type https://www.mydomain.com/ I will get a browser warning of "Your connection is not secure".
server {
    listen 80;
    listen [::]:80;
    server_name mydomain.com www.mydomain.com *.mydomain.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    include snippets/ssl-mydomain.com.conf;
    include snippets/ssl-params.conf;
    root /var/www/mydomain.com/html;
    index index.html index.htm index.nginx-debian.html;
    server_name mydomain.com;
    location ~ /.well-known {
        allow all;
    }
    location / {
        try_files $uri $uri/ =404;
    }
}
I’ve tried adding the listen 443 to the first server tag but that didn’t resolve anything. Any help is appreciated :)
When you generate an SSL certificate, you must include domain.com and www.domain.com – this is especially true with Let’s Encrypt / CertBot.
If you only specified domain.com when generating the SSL certificate, you’ll need to run it again and include both versions of the domain. This applies for all domains that you generate certificates for.
i.e. when passing -d, you’ll want:
-d domain.com -d www.domain.com
The only thing Let’s Encrypt / CertBot doesn’t support is WildCards, so you can’t pass:
-d *.domain.com
… at least not yet :-) (not sure if they plan to add this in the future).
When it comes to WildCards, the only way to truly support them without buying a specific certificate would be to manually hand-key all the domains and run them through the Let’s Encrypt / CertBot.
You can buy a WildCard SSL Certificate from NameCheap – they run $94-$99 / year. These types of certificates don’t have the same limitations, so you’d generate it once and it’d be valid for one domain, but any number of sub-domains.
i.e.
www.domain.com
my.domain.com
sub.domain.com
sub01.domain.com
etc.
The downside there is, of course, that you have to pay for the SSL Certificate each year. The upside, you don’t have to key in each sub-domain / sub-domain variation when you add a new one.
You could still use Let’s Encrypt / CertBot for domains that don’t need WildCards, but to truly support WildCards and not have to go through all the hassle, purchasing the certificate is the only way right now.
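As an added example (not part of the answer above or of any CertBot or nginx code): a small Python check of which hostnames a certificate's name list covers, using the standard rule that a wildcard entry stands for exactly one left-most label. The function names and the hostname shop.mydomain.com are assumptions made for illustration.

```python
# Added example: all names below are constructed, not read from a real certificate.

def _norm(name: str) -> str:
    """Lower-case and drop a trailing dot so comparisons are canonical."""
    return name.strip().lower().rstrip(".")

def san_matches(host: str, san: str) -> bool:
    """True if one certificate DNS name entry covers the host."""
    host, san = _norm(host), _norm(san)
    if not host or not san:
        return False
    if not san.startswith("*."):
        return host == san
    # A wildcard stands for exactly one left-most label:
    # *.example.com covers www.example.com, but not example.com
    # and not a.b.example.com.
    first, _, rest = host.partition(".")
    return bool(first) and rest == san[2:]

def uncovered(hostnames, sans):
    """Return the hostnames that would get a browser name-mismatch warning."""
    return [h for h in hostnames if not any(san_matches(h, s) for s in sans)]

# Hostnames reachable on port 443. shop.mydomain.com is a hypothetical
# sub-domain standing in for the *.mydomain.com entry in the question.
SERVED = ["mydomain.com", "www.mydomain.com", "shop.mydomain.com"]

if __name__ == "__main__":
    cases = [
        ("-d mydomain.com", ["mydomain.com"]),
        ("-d mydomain.com -d www.mydomain.com",
         ["mydomain.com", "www.mydomain.com"]),
        ("wildcard only", ["*.mydomain.com"]),
        ("wildcard plus bare domain", ["mydomain.com", "*.mydomain.com"]),
    ]
    for label, sans in cases:
        print(f"{label:40} uncovered: {uncovered(SERVED, sans)}")
```

The first case reproduces the question's symptom: a certificate issued only for mydomain.com leaves www.mydomain.com uncovered, so the browser warns even though the redirect works.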