Nginx+Letsencrypt proxy subdomain

Posted July 14, 2020 2.8k views
Nginx, Let's Encrypt

Hi all,

I have a nice little domain with a blog on the front page, secured with LetsEncrypt. So far, so good; but I like the domain I’m using so much that I want to point a subdomain at another service I’ve got running on a different IP.

I entered a new A record and added the following to my sites-enabled file:

server {
        server_name sub.domain.tld;
        location / {
                proxy_pass http://x.x.x.x:80;
        }
}

Then, I ran certbot and generated an SSL certificate for the subdomain without a hitch.

However, when I try navigating to https://sub.domain.tld, it will not connect at all; but using http:// works fine.

I’m not terribly experienced with Nginx and I’m afraid of losing track of changes and screwing up my config. Any advice?

1 answer

Hi @sitful,

Hmm, this is indeed interesting. Having said that, this seems a little too complex. Can you confirm if you have the said service on the same droplet or on a different one?

If you have the service on another droplet, I’ll recommend just using your DNS to point your subdomain to it and install the Let’s Encrypt certificate there rather than going through all the hassle.

If you have the service on the same droplet, you’ll need to create an https server block for your subdomain. If unsure how to do so, I’ll recommend checking out the following tutorial:


by Justin Ellingwood
When using the Nginx web server, server blocks (similar to the virtual hosts in Apache) can be used to encapsulate configuration details and host more than one domain off of a single server. In this guide, we'll discuss how to configure server blocks in Nginx on an Ubuntu 16.04 server.
  • Hi @KFSys

    Thanks for the reply; the service I want to point at is indeed on another droplet.

    The other droplet does not have a domain; is it possible to install a LE cert for it regardless? Cursory Googling suggests that it isn’t.

    I would just combine them, and may eventually, but at the moment I’d prefer to keep them on separate droplets.
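
An added example, not part of the original thread: one way the HTTPS server block mentioned in the answer could look when Nginx terminates TLS for sub.domain.tld and proxies to the service on the other droplet. The certificate paths assume certbot's default /etc/letsencrypt/live/ layout with the certificate named sub.domain.tld, and x.x.x.x is the placeholder from the question.

```nginx
# Redirect plain HTTP for the subdomain to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name sub.domain.tld;
    return 301 https://$host$request_uri;
}

# Terminate TLS on this droplet and forward requests to the backend droplet.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name sub.domain.tld;

    # Assumed certbot default paths; use the paths certbot printed when it
    # issued the certificate if they differ.
    ssl_certificate     /etc/letsencrypt/live/sub.domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sub.domain.tld/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Placeholder address from the question; replace with the backend IP.
        proxy_pass http://x.x.x.x:80;

        # Pass the original host, client address and scheme to the backend so
        # its logs and redirects reflect the real request.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Check the file with `nginx -t` before reloading. The hop from this droplet to x.x.x.x is still unencrypted HTTP, so the backend's port 80 should accept connections only from the proxy's address.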