Thanks for the help. I'm really feeling pretty stupid atm since I can't seem to find & understand a how-to document to get this right :-/
So I have this config server { listen 80 http2 default_server; listen [::]:80 http2 ipv6only=on default_server; server_name _; return 301 https://$host; } server { listen 172.17.0.1:443 ssl http2 default_server; listen [FE80:...:0001]:443 ssl http2 ipv6only=on default_server; server_name _; ssl_trusted_certificate "/etc/ssl/trusted.crt.pem"; ssl_certificate "/etc/ssl/dummy.crt.pem"; ssl_certificate_key "/etc/ssl/dummy.key.pem"; return 444; } server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 ipv6only=on default_server; server_name _; ssl_trusted_certificate "/etc/ssl/trusted.crt.pem"; ssl_certificate "/etc/ssl/dummy.crt.pem"; ssl_certificate_key "/etc/ssl/dummy.key.pem"; return 444; } server { listen 172.17.0.1:80 http2; listen [FE80:...:0001]:80 http2; server_name example.com www.example.com; location / { return 301 https://example.com$request_uri; } } server { listen 172.17.0.1:443 ssl http2; listen [FE80:...:0001]:443 ssl http2 ipv6only=on default_server; server_name example.com www.example.com; ssl_trusted_certificate "/etc/ssl/trusted.crt.pem"; ssl_certificate "/etc/ssl/chain.crt.pem"; ssl_certificate_key "/etc/ssl/privkey.pem"; add_header Strict-Transport-Security "max-age=315360000; includeSubDomains; preload"; location / {...} } With that config when I try to launch nginx it fails with these errors Aug 09 11:29:21 myhost nginx[10095]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use) If I comment out the IP-less listener # server { # listen 443 ssl http2 default_server; # listen [::]:443 ssl http2 ipv6only=on default_server; # server_name _; # ssl_trusted_certificate "/etc/ssl/trusted.crt.pem"; # ssl_certificate "/etc/ssl/dummy.crt.pem"; # ssl_certificate_key "/etc/ssl/dummy.key.pem"; # return 444; # } and try again, I do get a site fail with that "Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for ..." error again. _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx