Nginx multiple domains SSL uses a digital security certificate that allows multiple hostnames to be protected by a single certificate.
However, improper redirection settings, misconfiguration of the Nginx file, and a wrong SSL port entry in the configuration file can cause problems.
As part of our Server Management Services, we often get requests from our customers to resolve problems with Nginx multiple domains SSL.
Today, let us focus on the top 3 common issues it causes and how our Support Engineers fix them.
SAN certificate & its salient features
Nginx multiple domains SSL is also known as SAN (Subject Alternative Names) certificate.
The SAN certificate secures multiple fully qualified domain names with a single certificate. It is well known as a Unified Communication Certificate (UCC) or an Exchange certificate.
A single SAN certificate allows protecting multiple subdomains like www.domain.com, example.domain.com, www.domain.net.
Some of its important features include:
- It can secure up to 2000 entries.
- It can be used on an unlimited number of servers concurrently.
- It can be reissued to change domains at any time without extra fees or costs.
Nginx multiple domains SSL – Common errors and fixes
From our experience in managing servers, we’ve come across customers who report errors with Nginx multiple domains SSL.
Let’s take a closer look at 3 of the common errors it causes and how our Support Engineers figure them out.
Improper redirection setting
Recently, a customer reported that once he set up redirection of the subdomains (domain2.com, domain3.com) to the main domain (domain1.com), he couldn’t access the main domain over HTTPS.
For redirection to work properly we need to configure it correctly. So, to solve this problem we took the following steps.
Initially, we open the Nginx configuration file /etc/nginx/nginx.conf.
Then we create https server blocks for every subdomain.
In order to do that, we add the following code in the configuration file:
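# Bare domain1.com: redirect to the canonical www host.
# www.domain1.com itself needs its own 443 server block that serves the site;
# otherwise the request falls back to the default server and redirects again.
server {
    listen *:443 ssl;
    server_name domain1.com;
    ssl_certificate /path/to/domain1.crt;
    ssl_certificate_key /path/to/domain1.key;
    return 301 https://www.domain1.com$request_uri;
}
# domain2.com and www.domain2.com: redirect to the main domain.
server {
    listen *:443 ssl;
    server_name domain2.com www.domain2.com;
    ssl_certificate /path/to/domain2.crt;
    ssl_certificate_key /path/to/domain2.key;
    return 301 https://www.domain1.com$request_uri;
}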
In addition, we verify the syntax by running the command:
nginx -t
Finally, we restart the service to reflect the changes made in the configuration file.
service nginx restart
This fixed the problem and the user could redirect the subdomain to the main domain which worked properly.
Misconfiguration of Nginx file
Similarly, another customer reported a different issue. When he tried to access the subdomain (domain2.com), it resulted in the error, “502 bad gateway, Welcome to Nginx, further configuration is required, too many redirects”.
Our Support Engineers executed the following steps to fix the error.
Initially, we open the /etc/nginx/nginx.conf file.
After checking the configuration file, we found that because of the proxy, the subdomain redirected to HTTP instead of HTTPS.
So, we removed all the proxy lines from the subdomain’s configuration file.
Similarly, the return and try_files directives cannot work together in the current setup on port 80, shown below. A return at server level answers every request, so the location block with try_files is never reached.
server {
    listen 80;
    server_name domain2.com www.domain2.com;
    # Server-level return runs for every request...
    return 301 https://$server_name$request_uri;
    # ...so this location is never used.
    location / {
        try_files $uri $uri/ =404;
    }
}
So we removed try_files from the port 80 block, and the final subdomain configuration looks like this:
server {
    listen 80;
    server_name domain2.com www.domain2.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    server_name domain2.com www.domain2.com;
    root /home/Bas/domain2;
    index index.html index.htm;
    ssl_certificate /etc/letsencrypt/live/domain2.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain2.com/privkey.pem;
    include /etc/nginx/snippets/ssl-params.conf;
    location / {
        try_files $uri $uri/ =404;
    }
}
This solved the error and the user could access the subdomain without any error.
Wrong entry of SSL port
Occasionally, a wrong entry or incorrect SSL port added in the configuration file causes trouble in accessing the domain.
One of our customers reported that when he tries to access the domain with HTTPS it shows the wrong content or page.
Our first step was to check the Nginx configuration file.
On analysis, we found that in the Nginx configuration file, /etc/nginx/nginx.conf, the entry for the SSL port was mistyped as “433”. Hence, it always resulted in the wrong page.
SSL listens on port 443. By setting the correct value for the SSL port, we were able to resolve this issue.
server {
    listen 80;
    listen 443 ssl;
    server_name example.com;
}
Once we edit, we restart the service.
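The three mistakes above can be caught before a restart, alongside nginx -t, which only checks syntax. The following is an added example, not code from the original article: a small linter that flags an ssl listener on a port other than 443, a server-level return that hides location blocks, and an HTTPS redirect whose target host has no ssl server block of its own. The function names parse_servers and lint and the sample configuration are constructed for illustration; it assumes plain hostnames and does not follow include files.

```python
import re

# Constructed sample (not from the page); plain hostnames only, no include files.
SAMPLE = """http {
  server { listen 433 ssl; server_name example.com; }
  server { listen 80; server_name domain2.com www.domain2.com;
           return 301 https://$server_name$request_uri;
           location / { try_files $uri $uri/ =404; } }
  server { listen 443 ssl; server_name domain1.com;
           return 301 https://www.domain1.com$request_uri; }
}"""

def parse_servers(conf):
    """Return, per server block, its server-level directives and a location flag."""
    servers, cur, depth, level, stmt = [], None, 0, 0, []
    for tok in re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", conf)):
        if tok == "{":
            depth += 1
            if stmt == ["server"]:
                cur, level = {"dirs": [], "has_location": False}, depth
                servers.append(cur)
            elif cur is not None and stmt[:1] == ["location"]:
                cur["has_location"] = True
        elif tok == "}":
            cur = None if depth == level else cur
            depth -= 1
        elif tok == ";" and cur is not None and depth == level and stmt:
            cur["dirs"].append(stmt)
        stmt = [] if tok in ("{", "}", ";") else stmt + [tok]
    return servers

def lint(conf):
    """Return (first server_name, problem) pairs for the three mistakes above."""
    servers, out = parse_servers(conf), []
    for s in servers:
        s["names"] = [n for d in s["dirs"] if d[0] == "server_name" for n in d[1:]]
        s["tls"] = any(d[0] == "listen" and "ssl" in d[2:] for d in s["dirs"])
    tls_names = {n for s in servers if s["tls"] for n in s["names"]}
    for s in servers:
        label = (s["names"] or ["(unnamed)"])[0]
        for d in s["dirs"]:
            if d[0] == "listen" and "ssl" in d[2:] and d[1].rsplit(":", 1)[-1] != "443":
                out.append((label, f"ssl listen {d[1]} is not port 443"))
            if d[0] == "return" and s["has_location"]:
                out.append((label, "server-level return shadows location blocks"))
            m = re.match(r"https://([^/$]+)", d[-1]) if d[0] == "return" else None
            if m and m.group(1) not in tls_names:
                out.append((label, f"no ssl server block for {m.group(1)}"))
    return out
```

Calling lint(SAMPLE) returns one finding per server block in the sample. The port check is a heuristic: an intentional alternate TLS port such as 8443 will also be reported and can be ignored.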
Conclusion
To sum up, the multi-domain SSL certificate offers security for multiple websites. Today, we saw the top 3 common issues with “Nginx multiple domains SSL” and how our Support Engineers fixed them.