Home / server / Questions / 999773
In Process
Micromegas
Asked: 2020-01-22 05:31:03 +0800 CST

Add primary domain to Lets Encrypt for nginx configuration

  • 772

I am running an app with a dockerized nginx on an EC2 instance and configured my ssl with Let’s Encrypt. Now I would like another primary domain to that certificate but I fail in doing so. When I run

sudo docker run -it --rm -v /docker-volumes/etc/letsencrypt:/etc/letsencrypt -v /docker-volumes/var/lib/letsencrypt:/var/lib/letsencrypt -v /docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site:/data/letsencrypt -v "/docker-volumes/var/log/letsencrypt:/var/log/letsencrypt" certbot/certbot certonly --webroot --email myemail --agree-tos --no-eff-email --webroot-path=/data/letsencrypt -d mydomain.de -d www.mydomain.de -d anotherdomain.com -d www.anotherdomain.com

it fails. If I run the command without anotherdomain.com -d www.anotherdomain.com it succeeds in renewing my certificates.

Can I extend the certificate for primary domains in letsencrypt or is that only possible for subdomains? Or could there be a problem with the .dev domain because of strict https? Or do I need to change my configs of my nginx somehow?

My config: server {

listen 443 ssl; server_name mydomain.de; charset utf-8; ssl_stapling off; ssl_stapling_verify off;

ssl_certificate /etc/letsencrypt/live/mydomain.de/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/mydomain.de/privkey.pem; set $my_host $http_host; if ($http_host = "mydomain.de") { set $my_host "mydomain.de"; }

location / {
    proxy_pass http://django:5000;
    proxy_set_header Host $my_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

}

server { listen 80 ; server_name mydomain.de; return 301 https://mydomain.de$request_uri; } server { listen 80 ; server_name www.mydomain.de; return 301 https://mydomain.de$request_uri; } server { listen 443 ; server_name www.mydomain.de; return 301 https://mydomain.det$request_uri; ssl_stapling off; ssl_stapling_verify off;

    ssl_certificate  /etc/letsencrypt/live/ mydomain.de/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ mydomain.de/privkey.pem;

}

Really appreciate any kind of help on this. Thanks so much in advance.

ubuntu

0 Answers