Someone guide me in setting up Let's Encrypt in additional site in same Nginx VPS?

March 29, 2017 321 views
Let's Encrypt Nginx Security Ubuntu 16.04


My one site is fine, with Certificate working. I intend to make an additional domain also https. Someone so kind to guide me into this?

I just completed a tutorial
and set all up for this new site with success! The only thing is that this new site is actually online in another server. I am preparing everything to bring it to my VPS in DO. I can't point it's domain to DO yet. I want to prepare everything so that i can either redo or migrate it to DO.

Thanks a lot for any help or suggestion!!!

11 Answers


The issue with LetsEncrypt is that it needs to resolve the domain to the server you intend on using the certificate on, so if the domain doesn't resolve to your Droplet, where you intend on setting up an SSL certificate, then LE won't work.

You'll need to change the DNS on the domain to point to the Droplet, setup the server block(s) for the domain, and then use LE to generate the SSL Certificate.

Once you've done this, it's simply a matter of using the same configuration settings as you did for the current domain for SSL and changing the path to match your new domains SSL Certificate.


SSL Certificates are IP specific, meaning you can't generate a CSR on one host for a domain that points to an IP on another. This is why the DNS must point to the Droplet when you run LE.

Once the DNS is pointing to the Droplet, it's a matter of running:

letsencrypt certonly -d -d
  • Hmmmm, forgive-me for my ignorance.

    Is it possible that the two domains will be https?

    letsencrypt certonly -d -d -d -d

    Like this?

    • @Areku

      Yes, you can pass multiple domains :-), though the domains need to resolve to the Droplet that you're running LE from. If they don't resolve, LE will fail.

My sincere thanks to your attention.



Hope you are still for this issue. My domain is alive.
Now i'd love to see my site showing the 'secure' sign in browser, like in my other domain

Do we have to make modifications in the server block file of the additional site,

and then make this command?

letsencrypt certonly -d -d


Each domain that you want to secure with SSL will need to have it's own server block and SSL Cert, so you would need to run that command for each domain. After running the command, you'd modify the server block for the domain as you did the other and adjust the path to the SSL certificate files.



If it is possible for you to help, which steps of this tutorial i should redo to my new domain and which steps i should not redo?

Gratitude OM

In this tutorial, we will show you how to use Let's Encrypt to obtain a free SSL certificate and use it with Nginx on Ubuntu 16.04. We will also show you how to automatically renew your SSL certificate. If you're running a different web server, simply follow your web server's documentation to learn how to use the certificate with your setup.


If you've already setup your previous server block and it's working, and you're simply wanting to setup a new one, you'd simply copy the existing over to a new file and modify it to match the new domain.

You'd modify these directives:


The rest of the configuration is really dependent on your setup. Those are the only directives that will change behavior in terms of responding to requests for the domain, where files are pulled from, and where your certificate files are.

The only other thing to note would be that you can't have two server blocks tagged with:


So this portion:

    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

Would become:

    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

i.e. default_server is stripped out.

Hey, @jtittle

In the default block file i have:

# SSL configuration
      listen 443 ssl default_server;
      listen [::]:443 ssl default_server;
      include snippets/;
          include snippets/ssl-params.conf;

In the arun block file i'll have:

# SSL configuration
    # listen 443 ssl http2;
    # listen [::]:443 ssl http2;
    #  include snippets/ssl-i';
        #  include snippets/ssl-params.conf;

In the directory snippets there is no there...

I'll uncomment these lines...


Hey, @jtittle

In this portion in the default file:

location ~ /.well-known {
                allow all;

In the arun block file i have:

# location ~ /.well-known {
        #        allow all;

I´ll uncomment these lines, right?

@jtittle , hey

The command has been given:

letsencrypt certonly -d -d

In the end of the 'trackback' there is an error:

IOError: [Errno 13] Permission denied: '/var/log/letsencrypt/letsencrypt.log'

Thank you so much for helping!

I am excited to see this working!

In gratitude!!

I did it @jtittle !!

Thank you!!

  • @Areku

    Awesome :-). Glad to hear!

    Sorry I didn't reply sooner, I didn't see the alert on this post even though I was tagged.

Have another answer? Share your knowledge.