<\/p>\n
Multiple domains can be hosted with nginx server blocks. Below I give an example of how to generate a shared SSL certificate from Let’s Encrypt, and how to setup two server blocks to use a shared SSL certificate.<\/p>\n
Assuming you use Let’s Encrypt as your CA authority, generate a SSL certificate for the domains:<\/p>\n
Alternatively, if your not using Let’s Encrypt as your CA, read up\u00a0the docs\u00a0http:\/\/nginx.org\/en\/docs\/http\/configuring_https_servers.html take a pause to note:<\/p>\n The SSL certificate needs to contain several names, in the Now I assume you have the SSL certificate generated.<\/p>\n Update the two server blocks\u00a0 Note the folder that contains the SSL certificates Additional references:<\/p>\n <\/p>\n https:\/\/www.digitalocean.com\/community\/questions\/letsencrypt-for-multiple-domains-on-nginx<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" Multiple domains can be hosted with nginx server blocks. Below I give an example of how to generate a shared SSL certificate from Let’s Encrypt, and how to setup two server blocks to use a shared SSL certificate. Assuming you use Let’s Encrypt as your CA authority, generate a SSL certificate for the domains: … Continue reading Nginx hosting multiple domains with a single SSL certificate from Let’s Encrypt<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-702","post","type-post","status-publish","format-standard","hentry","category-thoughts"],"_links":{"self":[{"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/posts\/702","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/comments?post=702"}],"version-history":[{"count":1,"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/posts\/702\/revisions"}],"predecessor-version":[{"id":703,"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/posts\/702\/revisions\/703"}],"wp:attachment":[{"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/media?parent=702"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/categories?post=702"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sunapi386.ca\/wordpress\/wp-json\/wp\/v2\/tags?post=702"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}sudo letsencrypt certonly -a webroot --webroot-path=\/var\/www\/default\/html\/ -d example.org -d example.com<\/code><\/p>\nSubjectAltName<\/code> certificate field, for example, you might want to have example.com<\/code> and example.org<\/code> domains. Note the SubjectAltName<\/code> field length is limited, to about 1000 characters IIRC.<\/p><\/blockquote>\n\/etc\/nginx\/sites-available\/example.com<\/code> and \/etc\/nginx\/sites-available\/example.org<\/code> accordingly. A \/etc\/nginx\/sites-available\/default<\/code> is not need. See the diff:<\/p>\nserver { server {\r\n listen 80; listen 80;\r\n listen [::]:80; listen [::]:80;\r\n server_name example.com; | server_name example.org;\r\n return 301 https:\/\/$server_name$request_uri; return 301 https:\/\/$server_name$request_uri;\r\n} }\r\nserver { server {\r\n server_name example.com; | server_name example.org;\r\n listen 443 ssl http2; listen 443 ssl http2;\r\n listen [::]:443 ssl http2; listen [::]:443 ssl http2;\r\n\r\n ssl_certificate \/etc\/letsencrypt\/live\/default\/fullchain.pem ssl_certificate \/etc\/letsencrypt\/live\/default\/fullchain.pem\r\n ssl_certificate_key \/etc\/letsencrypt\/live\/default\/privkey.p ssl_certificate_key \/etc\/letsencrypt\/live\/default\/privkey.p\r\n include snippets\/ssl-params.conf; include snippets\/ssl-params.conf;\r\n\r\n root \/var\/www\/example.com\/html; | root \/var\/www\/example.org\/html;\r\n index index.php index index.php \r\n location \/ { location \/ {\r\n try_files $uri $uri\/ \/index.html =404; try_files $uri $uri\/ \/index.html =404;\r\n autoindex on; autoindex on;\r\n } }\r\n location ~ \/.well-known { location ~ \/.well-known {\r\n allow all; allow all;\r\n } }\r\n location ~ \\.php$ { location ~ \\.php$ {\r\n include snippets\/fastcgi-php.conf; include snippets\/fastcgi-php.conf;\r\n fastcgi_pass unix:\/var\/run\/php5-fpm.sock; fastcgi_pass unix:\/var\/run\/php5-fpm.sock;\r\n } }\r\n} }\r\n\r\n<\/code><\/pre>\n\/etc\/letsencrypt\/live\/default\/<\/code>. You may need rename the folders that letsencrypt<\/code> generated.<\/p>\n