I have two websites but I think the problem goes with SNI (I'm not sure).
When I enable the first website (rather an old one in compare to the second) with SSL, it works fine.
But the issue is if I enable the second one with SSL, only the second website works fine. And the first website shows an insecure website error (it loads certificates from the second website and therefore one.com in fact shows second.com).
Here is my site.conf file (both sites have similar contents):
server { listen 80; server_name example.com return 301
}
server { listen 443 ssl; root /home/example; ssl_certificate /etc/letsencrypt/live/ ssl_certificate_key /etc/letsencrypt/live/ access_log /var/log/nginx/example_access_log; error_log /var/log/nginx/example_error_log; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; }
}What should I do for this?
1 Answer
Your server{} blocks are missing the server_name setting. That's how Nginx chooses which server block to use – both for the TLS certificate from SNI, and for the actual website from HTTP Host.
server { listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; server_name example.com; ssl_certificate /etc/letsencrypt/live/ ...
}
server { listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; server_name another.example.com; ssl_certificate /etc/letsencrypt/live/ ...
}
