
SSL Letsencrypt dual ecdsa + rsa ssl certificate questions ?

Discussion in 'Domains, DNS, Email & SSL Certificates' started by upgrade81, May 8, 2018.

  1. upgrade81

    upgrade81 Premium Member Premium Member

    130
    6
    18
    Sep 5, 2016
    Italy
    Ratings:
    +8
    Local Time:
    5:27 PM
    1.13.8
    10
    I would like to create a dual cert, but can you specify that the main domain is the one with WWW and not the one without?
    To be more precise: the common name must be the one with WWW, and the domain (without www) must be among the alternative names.


    If so, which command do I use to create a dual cert for a host already configured normally with Let's Encrypt?
     
  2. eva2000

    eva2000 Administrator Staff Member

    35,559
    7,841
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,085
    Local Time:
    1:27 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    By default, the common name contains the non-www domain and the subject alternative name (SAN) contains both the non-www and www versions of the domain. So there is no need to decide which comes first, and it doesn't matter which comes first.

    Dual cert or single cert mode in Centmin Mod letsencrypt doesn't have any automated way of changing the order of what appears on common name for ssl certs.

    If you want to do it manually instead of automated, you can, as per the original manual instructions at SSL - Nginx 1.11.0 introduces dual ECDSA + RSA SSL certificate support !, where for both the issue and install cert commands you change the order for
    -d domain.com -d www.domain.com so they're reversed.

    For peace of mind and simplicity's sake, just work with the current automated method, as no one reads much into what version of your domain shows up in the SSL cert's common name listing.
     
  3. upgrade81

    In theory it is as you say.

    But since I put SSL I get thousands of 404 on the main domain related to pages that are on the forum subdomain.

    I currently use a single Comodo certificate on the main domain, and a Let's Encrypt one for the single subdomain.

    Something creates confusion in Google.

    However, is creating only one certificate for the main domain and another for the subdomain correct?
     
  4. eva2000

    Yes, that is correct, so whatever 404 issues you have are unrelated. I assume main domain and subdomain have separate nginx vhost sites created via centmin.sh menu option 2, 22 or nv command? If you do then they should have mix ups.

    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via the /usr/bin/nv command line, you will create the Nginx vhost files and directories. You will get output of the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of both main domain and subdomain site's vhost config files

    i.e.
    • /usr/local/nginx/conf/conf.d/domain.com.conf and if applicable /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
    • /usr/local/nginx/conf/conf.d/subdomain.domain.com.conf and if applicable /usr/local/nginx/conf/conf.d/subdomain.domain.com.ssl.conf

    wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

    what is output of these commands in ssh
    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    curl -I https://subdomain.domain.com
    

    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    curl -I http://subdomain.domain.com
    


    wrap output in CODE tags
     
  5. upgrade81

    Not only are they on separate vhost but also on different Virtual Machines.

    I checked the nginx configuration files several times and everything is ok. Anyway I'll paste the various results of Curl.

    This problem has been going on for almost a year now.

    I am attaching a screen.
    On the Google Search Console forum they told me to wait 1 month, that it was due to an initial misconfiguration of the server (https) and Google had indexed all these wrong URLs; the problem is that now almost 1 year has passed.


    Code (Text):
    curl -I https://domain.it
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 07 May 2018 22:27:36 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Expires: Mon, 07 May 2018 23:27:36 GMT
    Cache-Control: max-age=3600
    Location: https://www.domain.it/
    Server: nginx
    X-Cache: MISS
    X-Cache-2: BYPASS
    


    Code (Text):
    curl -I https://www.domain.it
    HTTP/1.1 200 OK
    Date: Mon, 07 May 2018 22:28:22 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Vary: Accept-Encoding
    Link: <https://www.domain.it/wp-json/>; rel="https://api.w.org/"
    Server: nginx
    X-Cache: MISS
    X-Cache-2: BYPASS
    


    Code (Text):
    curl -I https://forum.domain.it
    HTTP/1.1 200 OK
    Date: Mon, 07 May 2018 22:28:57 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 186705
    Connection: close
    Vary: Accept-Encoding
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-control: private, max-age=0
    Set-Cookie: xf_session=b0982156f5bfc6bac956cf4b33b26030; path=/; secure; HttpOnly
    X-Frame-Options: SAMEORIGIN
    X-Xss-Protection: 1
    Last-Modified: Mon, 07 May 2018 22:28:57 GMT
    Server: nginx
    X-Powered-By: centminmod
    


    Code (Text):
     curl -I http://forum.domain.it
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 07 May 2018 22:29:38 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Location: https://forum.domain.it/
    Server: nginx
    X-Powered-By: centminmod
    


    Code (Text):
    curl -I http://domain.it
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 07 May 2018 22:25:56 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Location: https://www.domain.it/
    Server: nginx
    


    Code (Text):
     curl -I http://www.domain.it
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 07 May 2018 22:30:21 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Location: https://www.domain.it/
    Server: nginx
    
     
    Last edited: May 9, 2018
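The scheme and host matrix checked with `curl -I` in the posts above can be audited mechanically. This is an added example, not part of the original thread or of Centmin Mod: it parses pasted `curl -I` transcripts and reports any variant that does not answer with a single permanent redirect to its own site's canonical HTTPS URL. The `SITES` policy, the function names and the condensed sample transcripts are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: condensed `curl -I` transcripts modelled on the checks
# in this thread (domain.it is the thread's placeholder domain).
SAMPLE = """\
$ curl -I http://domain.it
HTTP/1.1 301 Moved Permanently
Location: https://www.domain.it/

$ curl -I http://www.domain.it
HTTP/1.1 301 Moved Permanently
Location: https://www.domain.it/

$ curl -I https://domain.it
HTTP/1.1 301 Moved Permanently
Location: https://www.domain.it/

$ curl -I https://www.domain.it
HTTP/1.1 200 OK

$ curl -I http://forum.domain.it
HTTP/1.1 301 Moved Permanently
Location: https://forum.domain.it/

$ curl -I https://forum.domain.it
HTTP/1.1 200 OK
"""

# Assumed policy: each canonical URL and the variants that must 301 to it.
SITES = {
    "https://www.domain.it/": ["http://domain.it/", "http://www.domain.it/",
                               "https://domain.it/"],
    "https://forum.domain.it/": ["http://forum.domain.it/"],
}

def normalize(url):
    """Lower-case scheme and host, and give a bare host the path '/'."""
    p = urlsplit(url.strip())
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path or '/'}"

def parse_transcripts(text):
    """Map each requested URL to (status, Location or None)."""
    results, url = {}, None
    for line in text.splitlines():
        line = line.strip()
        cmd = re.match(r"\$?\s*curl\s+-I\s+(\S+)", line)
        status = re.match(r"HTTP/\S+\s+(\d{3})", line)
        if cmd:
            url = normalize(cmd.group(1))
            results[url] = [None, None]
        elif url and status:
            results[url][0] = int(status.group(1))
        elif url and line.lower().startswith("location:"):
            results[url][1] = normalize(line.split(":", 1)[1])
    return {u: tuple(v) for u, v in results.items()}

def audit(results, sites):
    """Return (url, problem) pairs; an empty list means the matrix is clean."""
    findings = []
    for canonical, variants in sites.items():
        status, _ = results.get(canonical, (None, None))
        if status != 200:
            findings.append((canonical, f"canonical returned {status}"))
        for url in variants:
            status, location = results.get(url, (None, None))
            if status is None:
                findings.append((url, "not tested"))
            elif status not in (301, 308):
                findings.append((url, f"status {status}, not a permanent redirect"))
            elif location != canonical:
                findings.append((url, f"redirects to {location}, expected {canonical}"))
    return findings

if __name__ == "__main__":
    for url, problem in audit(parse_transcripts(SAMPLE), SITES) or [("all", "ok")]:
        print(url, "->", problem)
```

A cross-host finding (a forum variant landing on the main site, or the reverse) is the case worth ruling out when one host's URLs show up in the other host's crawl errors.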
  6. eva2000

    curl looks fine, maybe it's your nginx rewrite rules? Would need to know each site's nginx vhost config file contents to be sure

    make sure xenforo nginx rewrite urls are correct

    from 404 member urls what does testing curl for one of them return assuming that member url i listed below is correct
    Code (Text):
    curl -I https://forum.domain.it/members/lorenzo-75.45023/
    

    have you verified the listed 404 urls are indeed missing urls ?

    Xenforo usually, for member urls at least, returns 403 permission denied
    Code (Text):
    curl -I https://community.centminmod.com/members/upgrade81.1020/
    HTTP/1.1 403 Forbidden
    Server: Sucuri/Cloudproxy
    Date: Tue, 08 May 2018 10:20:28 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: xfcmi_session=09d06311bee81d0be9247371dbb0627b; path=/; secure; HttpOnly
    X-Frame-Options: SAMEORIGIN
    X-Xss-Protection: 1
    X-Content-Type-Options: nosniff
    X-Page-Speed: CentminMod PageSpeed
    Cache-Control: max-age=0, no-cache
    X-Sucuri-Cache: BYPASS
    X-Sucuri-ID: 11010
    
     
  7. upgrade81

    Certainly here are the results and the config.
    Thank you for your time.

    Code (Text):
    curl -I https://forum.DOMAIN.it/members/lorenzo-75.45023/
    HTTP/1.1 200 OK
    Date: Tue, 08 May 2018 10:45:59 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 59235
    Connection: close
    Vary: Accept-Encoding
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-control: private, max-age=0
    Set-Cookie: xf_session=e3d26b3fb051a6733b337f8cb02abf42; path=/; secure; HttpOnly
    X-Frame-Options: SAMEORIGIN
    X-Xss-Protection: 1
    Last-Modified: Tue, 08 May 2018 10:45:59 GMT
    Server: nginx
    X-Powered-By: centminmod
    



    Code (Text):
    cat /usr/local/nginx/conf/conf.d/forum.domain.it.ssl.conf
    
    #x# HTTPS-DEFAULT
     server {
    
       server_name forum.domain.it www.forum.domain.it;
       return 301 https://forum.domain.it$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    #       listen   80;
    #       server_name forum.domain.it www.forum.domain.it;
    #       return 302 https://$server_name$request_uri;
    
    server {
      listen 443 ssl http2 backlog=2048 reuseport fastopen=256;
      server_name forum.domain.it www.forum.domain.it;
    
      include /usr/local/nginx/conf/ssl/forum.domain.it/forum.domain.it.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/forum.domain.it/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      #access_log /home/nginx/domains/forum.domain.it/log/access.log main_ext buffer=256k flush=5m;
      #access_log /home/nginx/domains/forum.domain.it/log/access.log combined;
      error_log /home/nginx/domains/forum.domain.it/log/error.log;
      access_log off;
    
      root /home/nginx/domains/forum.domain.it/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
    
    
    #rewrite VB4redict
    rewrite ^/showthread.php /showthread.php;
    rewrite ^/forumdisplay.php /forumdisplay.php;
    
    location / {
         include /usr/local/nginx/conf/503include-only.conf;
         index index.php index.html index.htm;
         try_files $uri $uri/ /index.php?$uri&$args;
    }
    
     # WEBP Support
        location ~* ^/images/.+\.(png|jpe?g)$ {
        expires 30d;
        add_header Vary "Accept-Encoding";
        add_header Cache-Control "public, no-transform";
        try_files $uri$webp_extension $uri =404;
      }
    
    location ~* ^/styles/.+\.(png|jpe?g)$ {
        expires 30d;
        add_header Vary "Accept-Encoding";
        add_header Cache-Control "public, no-transform";
        try_files $uri$webp_extension $uri =404;
      }
    
    
    location /admin.php {
         auth_basic "Private";
         auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
            include /usr/local/nginx/conf/php.conf;
            #allow 127.0.0.1;
            #allow YOURIPADDRESS;
            #deny all;
    }
    
    location /install/data/ {
         internal;
    }
    
    location /install/templates/ {
         internal;
    }
    
    location /internal_data/ {
         internal;
    }
    
    location /library/ {
         internal;
    }
    
    # xenforo 2 uncomment / remove hash from next 3 lines
    #location /src/ {
    #     internal;
    #}
    
    
    
    
    location /archive/ {
            return 410;
    }
    
    #pagination thread vbseo redirect
    location ~* ^/[^/]+/[0-9]+-[^\./]+-([0-9]+)\.html$ {
                    rewrite /[^/]+/([0-9]+)-([^\./]+)-([0-9]+)\.html
     https://forum.domain.it/threads/$2.$1/page-$3 permanent;
        }
    #single thread Vbseo redirect
    location ~* ^/[^/]+/[0-9]+-[^\./]+\.html$ {
                    rewrite /([0-9]+)-[^\./]+\.html
     https://forum.domain.it/threads/$1/ permanent;
        }
    
    if ( $request_filename ~ forum.php ) {
    rewrite ^ https://forum.domain.it permanent;
    }
    
    if ( $request_filename ~ dto_garage.php ) {
    return 410;
    }
    
      #include /usr/local/nginx/conf/pre-staticfiles-local-forum.domain.it.conf;
      #include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
    
    #CUSTOM ERROR PAGE
    error_page 404 /xf_404;
    
      #include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      #include /usr/local/nginx/conf/vts_server.conf;
    
        }
    


    Code (Text):
     cat /usr/local/nginx/conf/conf.d/domain.it.ssl.conf
    #x# HTTPS-DEFAULT
     server {
       listen 80;
       listen [2a00:dcc0:dead:bxxxx::1]:80 ipv6only=on;
       server_name www.domain.it domain.it;
       return 301 https://www.domain.it$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2 backlog=2048 reuseport fastopen=256;
      listen [2a00:dcc0:dead:xxxxxxxxxx::1]:443 ssl http2 ipv6only=on;
      server_name www.domain.it domain.it;
    
      ssl_certificate  /usr/local/nginx/conf/ssl/domain.it/domain-SSL.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/domain.it/domain.it.key;
      #include /usr/local/nginx/conf/ssl/domain.it/domain.it.crt.key.conf;  #letsencript
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/domain.it/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
      ssl_trusted_certificate  /usr/local/nginx/conf/ssl/domain.it/COMODO_DV_SHA-256_bundle.crt;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log off;
      #access_log /home/nginx/domains/domain.it/log/access.log combined buffer=256k flush=5m;
      #access_log /home/nginx/domains/domain.it/log/access.log combined;
      error_log /home/nginx/domains/domain.it/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/domain.it/autoprotect-domain.it.conf;
      root /home/nginx/domains/domain.it/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      #include /usr/local/nginx/conf/wpincludes/domain.it/wpcacheenabler_domain.it.conf;
      #include /usr/local/nginx/conf/wpincludes/domain.it/wpsupercache_domain.it.conf;
      # https://community.centminmod.com/posts/18828/
      include /usr/local/nginx/conf/wpincludes/domain.it/rediscache_domain.it.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # for wordpress super cache plugin
      #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      #try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      try_files $uri $uri/ /index.php?$args;
    
      }
    
    # WEBp Support Ewwwio
        location ~* ^/wp-content/.+\.(png|jpe?g)$ {
        expires 30d;
        add_header Vary "Accept-Encoding";
        add_header Cache-Control "public, no-transform";
        try_files $uri$webp_extension $uri =404;
      }
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        auth_basic "Private";
        auth_basic_user_file /home/nginx/domains/domain.it/htpasswd_wplogin;
        #include /usr/local/nginx/conf/php-wpsc.conf;
    
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        limit_conn xwpconlimit 30;
        #include /usr/local/nginx/conf/php-wpsc.conf;
    
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-scripts\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        #include /usr/local/nginx/conf/php-wpsc.conf;
    
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-styles\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        #include /usr/local/nginx/conf/php-wpsc.conf;
    
        # https://community.centminmod.com/posts/18828/
        include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
      include /usr/local/nginx/conf/wpincludes/domain.it/wpsecure_domain.it.conf;
      #include /usr/local/nginx/conf/php-wpsc.conf;
    
      # https://community.centminmod.com/posts/18828/
      include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/pre-staticfiles-local-domain.it.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      #include /usr/local/nginx/conf/vts_server.conf;
    
    #old rewrite for the 404 error problem
    #rewrite ^/members/(.*)$ https://forum.domain.it/members/$1 permanent;
    #rewrite ^/media/(.*)$ https://forum.domain.it/media/$1 permanent;
    #rewrite ^/attachments/(.*)$ https://forum.domain.it/attachments/$1 permanent;
    #rewrite ^/forum/(.*)$ https://forum.domain.it/forum/$1 permanent;
    #rewrite ^/posts/(.*)$ https://forum.domain.it/posts/$1 permanent;
    #rewrite ^/sezione/(.*)$ https://forum.domain.it/sezione/$1 permanent;
    #rewrite ^/threads/(.*)$ https://forum.domain.it/threads/$1 permanent;
    
    
    }
    
     
    Last edited: May 9, 2018
  8. eva2000

    Well that member url didn't return 404 so looks fine

    so make sure Google webmaster tools has separate site profiles and sitemaps for main domain.com and forum.domain.com sites. Maybe domain.com site profile has googlebot crawling your forum sitemap too ?
     
  9. upgrade81

    everything is separate in GWT.

    everything ok in the conf files?

    The only thing missing on the vhost of the forum is the management of the redirect from port 80 but I see that it handles it anyway, however I will have to write the new block as done for the main domain with ipv6.
     
  10. eva2000

    yeah from what I can see the vhost configs look ok and curl header checks redirect to the correct displayed 'locations'

    You'd have to figure it out on your own - try testing google webmaster tool's crawl as bot feature and see
     
  11. upgrade81

    Unfortunately today I realized that hundreds of 404 are coming in Search Console this time on the main domain without www.

    The same format as the forum url that is in the "forum" sub-domain.

    The only change I made is to put a new Let's Encrypt certificate with ECDSA just for the forum subdomain.

    I just cannot figure out what the hell is happening
     


  12. eva2000

    HTTP 410 not 404 errors 410 Gone

    You're using Sucuri Cloudproxy WAF reverse proxy so it could be that it doesn't support using ECDSA ssl cert on Centmin Mod Nginx backend origin - you'd need to check with Sucuri tech support if they support that.

    Or did you put ECDSA ssl cert uploaded to Sucuri server side for front end Sucuri Cloudproxy ? They maybe don't support that on Sucuri servers either. I only ever used RSA 2048bit SSL with Sucuri front end and Centmin Mod Nginx backend.

    Also redo all troubleshooting steps and commands asked in post 4 above. To verify that SSL cert was setup correctly.
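Why an ECDSA-only certificate can lock out a client or proxy that a dual ECDSA + RSA pair would still serve, shown against the `ssl_ciphers` list from the vhost configs posted earlier. This is an added example, not part of the original thread or of Centmin Mod: it is a simplified model of TLS 1.2 suite selection with `ssl_prefer_server_ciphers on` (TLS 1.3 suites do not encode the certificate type and are not modelled), and the two client offer lists and all function names are constructed for illustration.

```python
# ssl_ciphers value copied from the vhost configs posted in this thread.
SSL_CIPHERS = (
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:"
    "ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:"
    "DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:"
    "DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:"
    "EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:"
    "AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
)

def server_suites(cipher_string):
    """Suite names in server preference order. Entries starting with '!', '-'
    or '+' are OpenSSL list operators, not suites. Assumes an explicit list of
    suite names like the one above (no keywords such as HIGH)."""
    return [s for s in cipher_string.split(":") if s and s[0] not in "!-+"]

def cert_type(suite):
    """Certificate key type a TLS 1.2-style OpenSSL suite name requires."""
    parts = suite.split("-")
    if "ECDSA" in parts:
        return "ECDSA"
    if "DSS" in parts:
        return "DSA"
    # ECDHE-RSA-*, DHE-RSA-*, EDH-RSA-* and bare names such as AES128-SHA
    # (static RSA key exchange) are all authenticated with an RSA certificate.
    return "RSA"

def usable(cipher_string, installed):
    """Suites the server can actually negotiate with the installed cert types."""
    return [s for s in server_suites(cipher_string) if cert_type(s) in installed]

def negotiate(cipher_string, installed, client_offer):
    """First suite in server order that the client offers and an installed
    certificate can authenticate. None models a handshake failure."""
    offered = set(client_offer)
    for suite in usable(cipher_string, installed):
        if suite in offered:
            return suite
    return None

# Constructed client offers (assumptions, not captured traffic).
MODERN_CLIENT = ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
                 "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305"]
RSA_ONLY_CLIENT = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA",
                   "AES128-SHA"]

def compare():
    """Outcome per certificate setup for both constructed clients."""
    setups = (("dual ECDSA + RSA", {"ECDSA", "RSA"}),
              ("ECDSA only", {"ECDSA"}),
              ("RSA only", {"RSA"}))
    return {
        label: {
            "usable": len(usable(SSL_CIPHERS, installed)),
            "modern": negotiate(SSL_CIPHERS, installed, MODERN_CLIENT),
            "rsa_only": negotiate(SSL_CIPHERS, installed, RSA_ONLY_CLIENT),
        }
        for label, installed in setups
    }

if __name__ == "__main__":
    for label, row in compare().items():
        print(f"{label:18} {row}")
```

In this model the ECDSA-only setup leaves 8 of the 30 listed suites negotiable and returns no suite for the RSA-only client, which is the failure to confirm or rule out with any proxy or older client in front of the origin.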
     
  13. upgrade81

    I do not use waf services, or rev. proxy.

    I do not know why it is so; I configured the 410 errors to get rid of this crap indexed by Google.

    I'm about to buy a unique wildcard certificate from Comodo because it seems to me to be the only one that supports ECDSA.
     