Question

Letsencrypt for multiple domains on Nginx

I have an Nginx server set up with virtual hosts. There are many domains hosted, all running WordPress websites. Is there any tutorial available to implement Letsencrypt on Nginx virtual hosts? I want to keep all my websites running perfectly. Please share.


I know this is an old post, but if anyone comes and sees it, @sunapi386 is completely correct with the certonly and the webroot commands. If you are interested in how to do it for multiple domains located in different paths, there is a nice example in the certbot user guide: https://certbot.eff.org/docs/using.html#webroot

The SSL certificate needs to contain several names in the SubjectAltName certificate field; for example, you might want to have the example.com and example.org domains. Note the SubjectAltName field length is limited to about 1000 characters, IIRC.

If you’re using Let’s Encrypt (as is the case in the nginx tutorial @kamaln7 referred to), then you can generate an SSL certificate for the domains.

sudo letsencrypt certonly -a webroot --webroot-path=/var/www/default/html/ -d example.org -d example.com

Update /etc/nginx/sites-available/example.com and /etc/nginx/sites-available/example.org accordingly. A /etc/nginx/sites-available/default is not needed. See the diff:

server {                                                        server {
  listen 80;                                                      listen 80;
  listen [::]:80;                                                 listen [::]:80;
  server_name example.com;                                    |   server_name example.org;
  return 301 https://$server_name$request_uri;                    return 301 https://$server_name$request_uri;
}                                                               }
server {                                                        server {
  server_name example.com;                                    |   server_name example.org;
  listen 443 ssl http2;                                           listen 443 ssl http2;
  listen [::]:443 ssl http2;                                      listen [::]:443 ssl http2;

  ssl_certificate /etc/letsencrypt/live/default/fullchain.pem     ssl_certificate /etc/letsencrypt/live/default/fullchain.pem
  ssl_certificate_key /etc/letsencrypt/live/default/privkey.p     ssl_certificate_key /etc/letsencrypt/live/default/privkey.p
  include snippets/ssl-params.conf;                               include snippets/ssl-params.conf;
                                                                  
  root /var/www/example.com/html;                             |   root /var/www/example.org/html;
  index index.php                                                 index index.php 
  location / {                                                    location / {
    try_files $uri $uri/ /index.html =404;                          try_files $uri $uri/ /index.html =404;
    autoindex on;                                                   autoindex on;
  }                                                               }
  location ~ /.well-known {                                       location ~ /.well-known {
    allow all;                                                      allow all;
  }                                                               }
  location ~ \.php$ {                                             location ~ \.php$ {
    include snippets/fastcgi-php.conf;                              include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php5-fpm.sock;                       fastcgi_pass unix:/var/run/php5-fpm.sock;
  }                                                               }
}                                                               }
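
Review bot: `index index.php` has no terminating `;` on either side, so `nginx -t` will reject both files when it reaches the following `location / {`; add the semicolon. The two `ssl_certificate` lines are cut off at the column width of the side-by-side view (`privkey.p`, no `;`) and have to be completed from the real files before use. `autoindex on;` enables directory listings under each site root, which a WordPress vhost normally should not expose, so drop it unless listings are intended. `location ~ /.well-known` is an unanchored regex that matches that string anywhere in a URI; `location ^~ /.well-known/` would restrict it to the path prefix.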

Note the folder that contains the SSL certificates: /etc/letsencrypt/live/default/. You may need to rename the folders that letsencrypt generated.

Hi!

Let’s Encrypt is very simple to set up with Nginx. This tutorial will walk you through all the necessary steps to do that.

It is, however, written for setups where there is only one server block present. So, if you replace /etc/nginx/sites-available/default with the correct path for each server block, you should be fine.

At the end of Step 2, a Diffie-Hellman group is generated. Because it is shared between all server blocks, you only need to perform that step once.

Hi, I had trouble with this situation. I have followed @kamaln7's suggestion, but one of my domains can't be accessed because the certificate belongs to my other domain. How are the server blocks for each domain? Is there any difference in listen 443 ssl http2? I use this in both:

listen 443 ssl http2 ;
listen [::]:443 ssl http2 ;
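
The SubjectAltName point made in the answer above and the "certificate belongs to my other domain" symptom in the last comment both come down to whether the certificate nginx serves lists the requested name. The following is an added example, not code from any of the posts: a shell check over the text printed by `openssl x509 -noout -ext subjectAltName` (OpenSSL 1.1.1 or later). The function names and the sample SAN text are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: does a certificate's SubjectAltName list cover a host name?
# To inspect what a vhost really serves, feed the functions the output of:
#   openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null \
#     | openssl x509 -noout -ext subjectAltName

# Constructed sample: SAN text of a certificate issued for two names only.
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:example.org, DNS:example.com'

# san_names TEXT -> one lower-cased DNS name per line
san_names() {
  printf '%s\n' "$1" | tr ',' '\n' \
    | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' | tr 'A-Z' 'a-z'
}

# san_covers TEXT HOST -> exit status 0 if HOST matches a SAN entry.
# A wildcard entry (*.example.com) matches exactly one extra left-most label.
san_covers() {
  local host name suffix label
  host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  while IFS= read -r name; do
    [ -n "$name" ] || continue
    if [ "$name" = "$host" ]; then return 0; fi
    case "$name" in
      '*.'*)
        suffix=${name#\*}            # ".example.com"
        label=${host%"$suffix"}      # what is left of the suffix, if it matched
        if [ "$label" != "$host" ] && [ -n "$label" ]; then
          case "$label" in *.*) ;; *) return 0 ;; esac
        fi
        ;;
    esac
  done <<EOF
$(san_names "$1")
EOF
  return 1
}

# uncovered TEXT HOST... -> prints every HOST the certificate does not cover
uncovered() {
  local san=$1 h; shift
  for h in "$@"; do san_covers "$san" "$h" || printf '%s\n' "$h"; done
}

# Every server_name that uses this certificate should be listed here.
uncovered "$SAMPLE_SAN" example.com example.org www.example.com
```

Any name this prints was left out of the `-d` list when the certificate was requested, so browsers will report a name mismatch for that server block until the certificate is reissued with it.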