By: Areku

Someone guide me in setting up Let's Encrypt in additional site in same Nginx VPS?

March 29, 2017
Let's Encrypt Nginx Security Ubuntu 16.04

Hi!

My one site radha.org.br is fine, with Certificate working. I intend to make an additional domain also https. Someone so kind to guide me into this?

I just completed a tutorial https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-virtual-hosts-on-ubuntu-16-04
and set all up for this new site with success! The only thing is that this new site is actually online in another server. I am preparing everything to bring it to my VPS in DO. I can't point its domain to DO yet. I want to prepare everything so that I can either redo or migrate it to DO.

Thanks a lot for any help or suggestion!!!

11 Answers

@Areku

The issue with LetsEncrypt is that it needs to resolve the domain to the server you intend on using the certificate on, so if the domain doesn't resolve to your Droplet, where you intend on setting up an SSL certificate, then LE won't work.

You'll need to change the DNS on the domain to point to the Droplet, set up the server block(s) for the domain, and then use LE to generate the SSL Certificate.

Once you've done this, it's simply a matter of using the same configuration settings as you did for the current domain for SSL and changing the path to match your new domain's SSL Certificate.

..

SSL Certificates are IP specific, meaning you can't generate a CSR on one host for a domain that points to an IP on another. This is why the DNS must point to the Droplet when you run LE.

Once the DNS is pointing to the Droplet, it's a matter of running:

    letsencrypt certonly -d yourdomain.com -d www.yourdomain.com

  • Hmmmm, forgive me for my ignorance.

    Is it possible that the two domains will be https?

    letsencrypt certonly -d yourdomain.com -d www.yourdomain.com -d otherdomain.com -d www.otherdomain.com
    

    Like this?

    • @Areku

      Yes, you can pass multiple domains :-), though the domains need to resolve to the Droplet that you're running LE from. If they don't resolve, LE will fail.

My sincere thanks to your attention.

@jtittle

Hey!!

Hope you are still for this issue. My domain is alive.
Now I'd love to see my site showing the 'secure' sign in browser, like in my other domain www.radha.org.br.

Do we have to make modifications in the server block file of the additional site, www.arun.com.br?

and then make this command?

    letsencrypt certonly -d yourdomain.com -d www.yourdomain.com

@Areku

Each domain that you want to secure with SSL will need to have its own server block and SSL Cert, so you would need to run that command for each domain. After running the command, you'd modify the server block for the domain as you did the other and adjust the path to the SSL certificate files.

@jtittle

Hey!

If it is possible for you to help, which steps of this tutorial I should redo to my new domain and which steps I should not redo?

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

Gratitude OM


@Areku

If you've already set up your previous server block and it's working, and you're simply wanting to set up a new one, you'd simply copy the existing over to a new file and modify it to match the new domain.

You'd modify these directives:

    server_name
    root
    ssl_certificate
    ssl_certificate_key

The rest of the configuration is really dependent on your setup. Those are the only directives that will change behavior in terms of responding to requests for the domain, where files are pulled from, and where your certificate files are.

The only other thing to note would be that you can't have two server blocks tagged with:

    default_server

So this portion:

    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

Would become:

    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

i.e. default_server is stripped out.
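
The copy-and-modify step described in the answer above, as an added example that is not part of the original thread: a shell function that rewrites the four directives for the new domain and strips default_server from the listen lines. The sample block, the web root layout and the certificate paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive the second domain's server block from a working one.
# Assumed (not from the thread): web root /var/www/<domain>/html and
# certificate files under /etc/letsencrypt/live/<domain>/.

# Usage: new_server_block OLD_DOMAIN NEW_DOMAIN < existing-block > new-block
new_server_block() {
    old=$1
    new=$2
    # Escape dots so the old domain is matched literally, not as a regex.
    old_re=$(printf '%s' "$old" | sed 's/\./\\./g')
    sed -E \
        -e '/^[[:space:]]*listen[[:space:]]/ s/[[:space:]]+default_server//' \
        -e "/^[[:space:]]*(server_name|root|ssl_certificate|ssl_certificate_key)[[:space:]]/ s/$old_re/$new/g"
}

# Count listen lines that still claim default_server (reads stdin or files).
count_default_servers() {
    awk '/^[ \t]*listen[ \t].*default_server/ { n++ } END { print n + 0 }' "$@"
}

# Constructed sample standing in for the first domain's working block.
sample_block() {
    cat <<'EOF'
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name radha.org.br www.radha.org.br;
    root /var/www/radha.org.br/html;
    ssl_certificate /etc/letsencrypt/live/radha.org.br/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/radha.org.br/privkey.pem;
}
EOF
}

# Print the block for the new domain; review it and run `nginx -t` before reloading.
sample_block | new_server_block radha.org.br arun.com.br
```

The certificate paths in the generated block only become valid after the letsencrypt command has been run for the new domain.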

Hey, @jtittle

In the default block file I have:

    # SSL configuration
    #
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    include snippets/ssl-radha.org.br.conf;
    include snippets/ssl-params.conf;

In the arun block file I'll have:

    # SSL configuration
    #
    # listen 443 ssl http2;
    # listen [::]:443 ssl http2;
    # include snippets/ssl-i'd-set-arun.com.br.conf;
    # include snippets/ssl-params.conf;

In the directory snippets there is no arun.com.br.conf there...

I'll uncomment these lines...

:)

Hey, @jtittle

In this portion in the default file:

    location ~ /.well-known {
        allow all;
    }

In the arun block file I have:

    # location ~ /.well-known {
    #     allow all;
    # }

I'll uncomment these lines, right?

@jtittle , hey

The command has been given:

    letsencrypt certonly -d yourdomain.com -d www.yourdomain.com

In the end of the 'traceback' there is an error:

    IOError: [Errno 13] Permission denied: '/var/log/letsencrypt/letsencrypt.log'

Thank you so much for helping!

I am excited to see this working!

In gratitude!!

I did it @jtittle !!

Thank you!!

  • @Areku

    Awesome :-). Glad to hear!

    Sorry I didn't reply sooner, I didn't see the alert on this post even though I was tagged.
