
Nginx SSL Add subdomain to existing domain

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by ElChorizo, Jul 12, 2022.

  1. ElChorizo

    ElChorizo New Member

    I'm trying to add a subdomain to an existing, working live setup. I just want acmetool to create a certificate and add it to the existing ones. The ssl.conf file is already set up and the new subdomain has been added to the conf file, but of course it errors out with an https error because there is no certificate for it.

    I just need to add forum.domain.com to the existing domain.com and www.domain.com


    All names point to domain.com

    What is the easiest way to do this?
     
  2. eva2000

    eva2000 Administrator Staff Member

    You currently can't automate parking one HTTPS SSL cert enabled domain (yourparkeddomain.com) on top of another HTTPS SSL cert enabled domain (domain.com), as you need each domain to have its own SSL certificate reference and Centmin Mod 124.00stable or 130.00beta01 or higher can only do one domain Letsencrypt SSL certificate issuance per centmin.sh menu option 2, 22 or nv command run. However, see below for manual instructions for Parked HTTPS SSL Domains.

    Parked HTTPS SSL Domains



    Parked domains mean different domains and/or subdomains all point to the same IP address and site content when accessed in a web browser. These methods outlined below are NOT for multiple domains pointing to different site/content. So this is NOT for setting up forum.domain.com/blog.domain.com and domain.com serving different content. If you need to serve different content, create a separate Nginx vhost site via centmin.sh menu option 2, 22 or nv command runs for forum.domain.com/blog.domain.com and domain.com.

    As there's no way to automate this, you have 2 manual methods available to set up parked HTTPS enabled SSL certificate based domains pointing to the same site content.

    Manual Method 1 - Do manual Nginx vhost creation via the underlying acme.sh client. If you have not yet created any of the intended domains/nginx vhosts, you can use addons/acmetool.sh directly via SANS Multi-Domain SSL Certificates method. Otherwise, if some or all intended domains/nginx vhosts have already been created then use manual method as discussed in steps in this post here and here.

    Manual Method 2 - create a domain Nginx HTTPS vhost site for each domain.

    It would be a manual process which involves creating the parked domain's own Nginx HTTPS SSL cert enabled vhost via centmin.sh menu option 2 or nv command and setting it up with valid working DNS A records for domain's www and non-www versions if main domain or DNS A for subdomain and ensure it's working and select letsencrypt option with live default HTTPS SSL cert and then editing its nginx config file at /usr/local/nginx/conf/conf.d/yourparkeddomain.com.ssl.conf and then just changing root path to your origin domain's root.

    in /usr/local/nginx/conf/conf.d/yourparkeddomain.com.ssl.conf change its default public web root path from
    Code (Text):
    root /home/nginx/domains/yourparkeddomain.com/public;

    to
    Code (Text):
    root /home/nginx/domains/domain.com/public;

    which now matches the public web root for domain.com nginx vhost listed in domain.com nginx vhost config file at /usr/local/nginx/conf/conf.d/domain.com.ssl.conf

    now both yourparkeddomain.com and domain.com public web root paths point to /home/nginx/domains/domain.com/public so access via the domains will serve files located in /home/nginx/domains/domain.com/public. It does mean that any configurations you manually set up in /usr/local/nginx/conf/conf.d/domain.com.ssl.conf need to be replicated in /usr/local/nginx/conf/conf.d/yourparkeddomain.com.ssl.conf.

    you can use common include file templates you set to make it easier i.e. if in both /usr/local/nginx/conf/conf.d/yourparkeddomain.com.ssl.conf and /usr/local/nginx/conf/conf.d/domain.com.ssl.conf you have a custom location content like
    Code (Text):
    location /test {
      include /usr/local/nginx/conf/php.conf;
      try_files $uri $uri/ /index.php;
    }

    you could place that location /test context into a custom template file you create at /home/nginx/domains/domain.com/common_includes.conf and reference it in both /usr/local/nginx/conf/conf.d/yourparkeddomain.com.ssl.conf and /usr/local/nginx/conf/conf.d/domain.com.ssl.conf as
    Code (Text):
    include /home/nginx/domains/domain.com/common_includes.conf;

    Final note in origin domain's nginx vhost at /usr/local/nginx/conf/conf.d/domain.com.ssl.conf also add canonical header to ensure search engines visiting domain.com know content is originally at domain.com to prevent search engines from flagging yourparkeddomain.com content as duplicated content.
    Code (Text):
    add_header Link "<http://domain.com$request_uri>; rel=\"canonical\"";
    

    i.e. placing the header just below existing add_header entries in default nginx vhost config for HTTPS SSL domains
    Code (Text):
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      add_header Link "<http://domain.com$request_uri>; rel=\"canonical\"";
    

    then restart nginx and php-fpm services
    Code (Text):
    nprestart

    To confirm just run curl command in SSH against your domain i.e. curl headers and grep filter for word canonical
    Code (Text):
    curl -sI https://domain.com | grep canonical
    

    output would be something like
    Code (Text):
    curl -sI https://domain.com | grep canonical
    Link: <http://domain.com/>; rel="canonical"
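
The post above notes that anything configured in domain.com.ssl.conf has to be replicated by hand in the parked vhost, which is where security headers tend to drift. The script below is an added example, not part of the original post or of Centmin Mod: it compares the `root` and active `add_header` lines of two vhost files. The function names and the sample vhost contents are constructed for illustration.

```shell
# First active "root" directive in a vhost file, without the trailing ";".
vhost_root() {
  awk '$1 == "root" { sub(/;$/, "", $2); print $2; exit }' "$1"
}

# Active (uncommented) add_header lines, whitespace-normalised. The canonical
# Link header is skipped because the post adds it to the origin vhost only.
vhost_headers() {
  grep -E '^[[:space:]]*add_header[[:space:]]' "$1" |
    sed -E 's/^[[:space:]]+//; s/[[:space:]]+/ /g' |
    grep -v '^add_header Link ' | sort -u
}

# Returns 0 if the parked vhost matches the origin root and add_header set.
check_parked() {
  origin=$1; parked=$2; rc=0
  if [ "$(vhost_root "$origin")" != "$(vhost_root "$parked")" ]; then
    echo "root mismatch: parked vhost uses $(vhost_root "$parked")"; rc=1
  fi
  missing=$(vhost_headers "$origin" | while IFS= read -r h; do
    vhost_headers "$parked" | grep -Fxq -- "$h" || printf '%s\n' "$h"
  done)
  if [ -n "$missing" ]; then
    printf 'missing from parked vhost:\n%s\n' "$missing"; rc=1
  fi
  return "$rc"
}

# Constructed sample vhosts (not real configs), written into directory $1.
write_samples() {
  cat > "$1/domain.com.ssl.conf" <<'EOF'
server {
  root /home/nginx/domains/domain.com/public;
  #add_header X-Frame-Options SAMEORIGIN;
  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header Link "<http://domain.com$request_uri>; rel=\"canonical\"";
}
EOF
  cat > "$1/yourparkeddomain.com.ssl.conf" <<'EOF'
server {
  root /home/nginx/domains/domain.com/public;
  add_header X-Xss-Protection "1; mode=block" always;
}
EOF
}

tmp=$(mktemp -d); write_samples "$tmp"
check_parked "$tmp/domain.com.ssl.conf" "$tmp/yourparkeddomain.com.ssl.conf" || true
rm -rf "$tmp"
```

Moving the shared `add_header` lines into the common include file described earlier in the post makes this check pass by construction.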
    
     
  3. ElChorizo

    ElChorizo New Member

    Thank you so much for your help. Much appreciated.