1

I've got two domains both with SSL certs on one nginx instance. I'm trying to redirect http to https and removing www hostname on both domains i.e. http://www.site1.com redirects to https://site1.com

What I've got at the moment, http://site1.com redirects fine and issues the correct cert, however http://www.site1.com issues the SSL cert from site2.com and doesn't redirect without www. site2 works fine for all redirects and issues teh correct certs. I think it has to do with me using "default" in the SSL config for site2, however if I remove it both sites then return connection refused errors.

Here's the configs

/etc/nginx/sites-available/site1

upstream site1.com { server unix:/home/site1.com/site1.com.sock; } server { listen 80; server_name site1.com www.site1.com; return 301 https://site1.com$request_uri; } server { listen 443 ssl; server_name www.site1.com; return 301 https://site1.com$request_uri; } server { listen 80; server_name site1.com; # SSL configuration listen 443 ssl http2; listen [::]:443 ssl http2; include snippets/ssl-site1.com.conf;

/etc/nginx/sites-available/site2

upstream site2 { server unix:/home/site2/site2.sock; } server { listen 80; server_name site2.com www.site2.com site2.co.uk www.site2.co.uk; return 301 https://site2.com$request_uri; } server { listen 443 ssl; server_name www.site2.com; return 301 https://site2.com$request_uri; } server { listen 80; server_name site2.com; # SSL configuration listen 443 ssl default http2; listen [::]:443 ssl default http2; include snippets/ssl-site2.com.conf; include snippets/ssl-params.conf;
Improve this question
4
  • http://www.site1.com does not issue any certificate since it is only a HTTP connection. Did you mean https://www.site1.com? What is the CURL output of the request to http://www.site1.com and https://site1.com? Commented Mar 13, 2017 at 9:10
  • @TeroKilkanen I'm trying to get http://www.site1.com to redirect to https://site1.com. Curl to http://www.site1.com is 301 moved permanently and curl to https://site1.com returns the page and cert correctly Commented Mar 13, 2017 at 9:20
  • Just been doing some more research, i'm using the same IP for both domains, is this the issue as SSL doesn't play well with two virtual hosts on the same IP? Commented Mar 13, 2017 at 9:22
  • CURL for https://www.site1.com returns curl: (51) SSL: certificate subject name (site2.com) does not match target host name 'www.site1.com' Commented Mar 13, 2017 at 9:32

1 Answer 1

Reset to default
3

You do not have certificates defined for the www.site1.com and www.site2.com server blocks so nginx is probably using whichever certificate was loaded first in the configuration.

Your certificates are presumably defined in the snippets/ssl-site1.com.conf and snippets/ssl-site2.com.conf files.

Assuming that your certificates are valid for the www. variant of the domain name, those statements need to be included in the other server blocks.

For example:

server { listen 443 ssl; server_name www.site1.com; include snippets/ssl-site1.com.conf; return 301 https://site1.com$request_uri; }
Improve this answer
2
  • Wish I saw this answer a few seconds earlier. I've got it working but by using letsencrypt to issue a multi-domain certificate for site1.com and site2.com. I assumed because SSL isn't meant to work well for multiple certificates/virtual hosts on one IP that a multi certificate, vs using two seperate certs, was the only way to go? Commented Mar 13, 2017 at 9:59
  • It hasn't been the only way to go for years, SSL has supported virtual hosts for a long time. Commented Mar 13, 2017 at 13:34

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.