@Areku

The issue with LetsEncrypt is that it needs to resolve the domain to the server you intend on using the certificate on, so if the domain doesn’t resolve to your Droplet, where you intend on setting up an SSL certificate, then LE won’t work.

You’ll need to change the DNS on the domain to point to the Droplet, setup the server block(s) for the domain, and then use LE to generate the SSL Certificate.

Once you’ve done this, it’s simply a matter of using the same configuration settings as you did for the current domain for SSL and changing the path to match your new domains SSL Certificate.

..

SSL Certificates are IP specific, meaning you can’t generate a CSR on one host for a domain that points to an IP on another. This is why the DNS must point to the Droplet when you run LE.

Once the DNS is pointing to the Droplet, it’s a matter of running:

letsencrypt certonly -d yourdomain.com -d www.yourdomain.com

My sincere thanks to your attention.

@jtittle

Hey!!

Hope you are still for this issue. My domain is alive.
Now i’d love to see my site showing the ‘secure’ sign in browser, like in my other domain www.radha.org.br.

Do we have to make modifications in the server block file of the additional site, www.arun.com.br?

and then make this command?

letsencrypt certonly -d yourdomain.com -d www.yourdomain.com

@Areku

Each domain that you want to secure with SSL will need to have it’s own server block and SSL Cert, so you would need to run that command for each domain. After running the command, you’d modify the server block for the domain as you did the other and adjust the path to the SSL certificate files.

@jtittle

:)

@jtittle

Hey!

If it is possible for you to help, which steps of this tutorial i should redo to my new domain and which steps i should not redo?

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

Gratitude OM

@Areku

If you’ve already setup your previous server block and it’s working, and you’re simply wanting to setup a new one, you’d simply copy the existing over to a new file and modify it to match the new domain.

You’d modify these directives:

server_name
root
ssl_certificate
ssl_certificate_key

The rest of the configuration is really dependent on your setup. Those are the only directives that will change behavior in terms of responding to requests for the domain, where files are pulled from, and where your certificate files are.

The only other thing to note would be that you can’t have two server blocks tagged with:

default_server

So this portion:

    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

Would become:

    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

i.e. default_server is stripped out.

Hey, @jtittle

In the default block file i have:

# SSL configuration
    #
      listen 443 ssl default_server;
      listen [::]:443 ssl default_server;
      include snippets/ssl-radha.org.br.conf;
          include snippets/ssl-params.conf;

In the arun block file i’ll have:

# SSL configuration
    #
    # listen 443 ssl http2;
    # listen [::]:443 ssl http2;
    #  include snippets/ssl-i'd-set-arun.com.br.conf;
        #  include snippets/ssl-params.conf;

In the directory snippets there is no arun.com.br.conf there…

I’ll uncomment these lines…

:)

Hey, @jtittle

In this portion in the default file:

location ~ /.well-known {
                allow all;
        }

In the arun block file i have:

# location ~ /.well-known {
        #        allow all;
        #}

I´ll uncomment these lines, right?

@jtittle , hey

The command has been given:

letsencrypt certonly -d yourdomain.com -d www.yourdomain.com

In the end of the ‘trackback’ there is an error:

IOError: [Errno 13] Permission denied: '/var/log/letsencrypt/letsencrypt.log'

Thank you so much for helping!

I am excited to see this working!

In gratitude!!