I used certbot to set up an SSL certificate for my primary domain name and things were working well. I then added a certificate for a subdomain, and now the browser is telling me ERR_TOO_MANY_REDIRECTS for both URLs.
I figure something amiss in the nginx server block, but I don’t quite know what it is; everything looks look to me and sudo nginx -t check out.
Here’s how I added the certificates:
certbot -d tes.fm, www.tes.fm, office.tes.fm --expand
Here’s my server block. Does anything look out of place here?
# NextJS
server {
server_name tes.fm www.tes.fm;
root /var/www/tes-site;
index index.html index.htm index.nginx-debian.html;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tes.fm/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tes.fm/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
return 404; # managed by Certbot
}
# Statamic CMS
server {
server_name office.tes.fm;
root /var/www/tes-cms/public;
index index.php;
charset utf-8;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/tes.fm/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/tes.fm/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.tes.fm) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = tes.fm) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name tes.fm www.tes.fm;
return 404; # managed by Certbot
}
server {
if ($host = office.tes.fm) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name office.tes.fm;
return 404; # managed by Certbot
}
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Accepted Answer
Hi there @asmithesq,
This actually all looks correct, did you try restarting Nginx to make sure that the new rules are in place?
Best, Bobby
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.