Hello!

On Mon, Aug 29, 2016 at 04:03:10AM -0400, NuLL3rr0r wrote:

[...]

> So make the long story short; The problem is no matter what I do nginx
> stubbornly serves the wrong cert:
>
> $ curl --insecure -v https://babaei.net 2>&1 | awk 'BEGIN { cert=0 }
> /^\* Server certificate:/ { cert=1 } /^\*/ { if (cert) print }'
> * Server certificate:
> * subject: CN=babaei.net
> * start date: Aug 28 13:30:00 2016 GMT
> * expire date: Nov 26 13:30:00 2016 GMT
> * issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
> * SSL certificate verify ok.
> * Connection #0 to host babaei.net left intact
>
> $ curl --insecure -v https://learnmyway.net 2>&1 | awk 'BEGIN { cert=0 }
> /^\* Server certificate:/ { cert=1 } /^\*/ { if (cert) print }'
> * Server certificate:
> * subject: CN=babaei.net

[...]

> So, let's say we have two domains alpha.com and omega.com. How would you
> configure SNI enabled nginx to serve the right SSL cert for each?
>
> server {
>     server_tokens off;
>
>     listen 443 ssl http2;
>     listen [::]:443 ssl http2;
>     server_name www.alpha.com;

Note that the name requested must be listed in the server_name
directive. Names not listed are expected to be handled in the
default server{} block, and probably this is what happens in your
case as you request names without "www", but your configuration
contains only names with "www" prefix.

Additional reading:

http://nginx.org/en/docs/http/server_names.html
http://nginx.org/en/docs/http/configuring_https_servers.html

>     ssl on;
>     ssl_certificate /path/to/alpha.com/cert.pem;
>     ssl_certificate_key /path/to/alpha.com/key.pem;

Just a side note: "ssl on" is not needed as long as you use
"listen ... ssl".

-- 
Maxim Dounin
http://nginx.org/
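The point made in the reply above, as an added example that is not part of the original thread: each server{} block lists both the bare and the "www" name, and an explicit default server refuses the TLS handshake for any other name instead of answering with another site's certificate. The omega.com paths are assumed by analogy with the quoted alpha.com ones, and ssl_reject_handshake requires nginx 1.19.4 or later.

```nginx
# Added example, not configuration from the thread.

# Catch-all for requests whose name matches no server_name below
# (this also covers clients that send no SNI at all).
# Without an explicit default_server, the first server{} block defined
# for the socket takes this role, and its certificate is what every
# unlisted name receives.
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    # Abort the handshake instead of presenting an unrelated certificate.
    ssl_reject_handshake on;   # nginx 1.19.4 or later
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Both forms are listed, so "alpha.com" no longer falls through
    # to the default server. The certificate must cover both names.
    server_name alpha.com www.alpha.com;
    server_tokens off;

    ssl_certificate     /path/to/alpha.com/cert.pem;
    ssl_certificate_key /path/to/alpha.com/key.pem;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name omega.com www.omega.com;
    server_tokens off;

    # Assumed paths, by analogy with the alpha.com ones.
    ssl_certificate     /path/to/omega.com/cert.pem;
    ssl_certificate_key /path/to/omega.com/key.pem;
}
```

`nginx -t` validates the configuration before a reload; repeating the curl check from the quoted message against each name then shows which certificate subject that name receives.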
