Nginx Cookieless Subdomain Not Working After Adding SSL

Posted July 25, 2016 2.5k views
NginxUbuntuLEMPLet's Encrypt

I recently added Let’s Encrypt SSL to my Nginx web server but it has broken my cookieless subdomain that serves static content. None of the static content is reached & the subdomain redirects to my main domain. The main domain is & the subdomain is The SSL cert covers both of those domains, if that makes a difference. Below you can find the two server configs.

Main Domain Configuration

    server {
        listen 80;
        return 301 https://$server_name$request_uri;

    server {
        listen 443 ssl;
        listen [::]:80 default_server ipv6only=on;

        ssl_certificate /etc/letsencrypt/live/;
        ssl_certificate_key /etc/letsencrypt/live/;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;

        root /usr/share/nginx/html;
        index index.php index.html index.htm;


        location / {
            try_files $uri $uri/index.php;

        location ~ /.well-known {
            allow all;

        location ~* \.(png|js|otf|eot|svg|ttf|woff|woff2)$ {
            expires 365d;

        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;

Subdomain Configuration

    server {
        listen 80;

        gzip on;
        gzip_min_length 1100;
        gzip_buffers 4 32k;
        gzip_types text/plain text/javascript text/css;
        gzip_vary on;

        location / {
            if ($request_filename ~ "\.(css|min.css|min.js|js|png|svg|ttf|eot|woff|otf|woff2|less|scss)$") {
                add_header Pragma "public";
                add_header Cache-Control "public, must-revalidate, proxy-revalidate";
                add_header Access-Control-Allow-Origin *;
                access_log off;
                expires max;


        return 302$request_uri;

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

I solved the SSL problems. Please view this question for my other “challenge”.