SSL Domains subdomain and ssl

Any reason posting all the questions in private forum ? You'd get more eyeballs from other users who can also help answer your more general questions and provide insight

adding letsencrypt for subdomain site is same as for domain site, just when prompted for domain name on centmin.sh menu option 2 or 22, enter the subdomain.domain.com rather than domain.com

 

You currently can't automate parking one HTTPS SSL cert enabled domain (yourparkeddomain.com) or subdomain on top of another HTTPS SSL cert enabled domain (domain.com) as you need for each domain to have it's own SSL certificate reference and Centmin Mod 123.09beta01 can only do one domain Letsencrypt SSL certificate issuance per centmin.sh menu option 2, 22 or nv command runs. See below instructions for Parked HTTPS SSL Domains.

Parked HTTPS SSL Domains

Parked domains meaning different domains and/or subdomains all point to same IP address and site content when accessed in a web browser. These methods outlined below are NOT for multiple domains pointing to different site/content.

As there's no way to automate such you have 2 manual methods available

Manual Method 1 - Do manual Nginx vhost creation via the underlying acme.sh client. If you have not yet created any of the intended domains/nginx vhosts, you can use addons/acmetool.sh directly via SANS Multi-Domain SSL Certificates method. Otherwise, if some or all intended domains/nginx vhosts have already been created then use manual method as discussed in steps in this post here and here.

Manual Method 2 - create a domain Nginx HTTPS vhost site for each domain.

It would be a manual process which involves creating the parked domain's own Nginx HTTPS SSL cert enabled vhost via centmin.sh menu option 2 or nv command and setting it up with valid working DNS A records for domain's www and non-www versions if main domain or DNS A for subdomain and ensure it's working and select letsencrypt option with live default HTTPS SSL cert and then editing it's nginx config file at /usr/local/nginx/conf/conf.d/yourparkeddomain.com.ssl.conf and then just changing root path to your origin domain's root

in /usr/local/nginx/conf/conf.d/yourparkeddomain.com.ssl.conf change it's default public web root path from

Code (Text):

root /home/nginx/domains/yourparkeddomain.com/public

to

Code (Text):

root /home/nginx/domains/domain.com/public

which now matches the public web root for domain.com nginx vhost listed in domain.com nginx vhost config file at /usr/local/nginx/conf/conf.d/domain.com.ssl.conf

now both yourparkeddomain.com and domain.com public web root paths point to /home/nginx/domains/domain.com/public so access via the domains will serve files located in /home/nginx/domains/domain.com/public. It does mean that any configurations you manually setup in /usr/local/nginx/conf/conf.d/domain.com.ssl.conf need to be replicated in /usr/local/nginx/conf/conf.d/yourparkeddomain.com.ssl.conf.

you can use common include file templates you set to make it easier i.e. if in both /usr/local/nginx/conf/conf.d/yourparkeddomain.com.ssl.conf and /usr/local/nginx/conf/conf.d/domain.com.ssl.conf you have a custom location content like

Code (Text):

location /test {
  include /usr/local/nginx/conf/php.conf;
  try_files $uri $uri/ /index.php
}

you could place that location /test context into a custom template file you create at /home/nginx/domains/domain.com/common_includes.conf and reference it in both /usr/local/nginx/conf/conf.d/yourparkeddomain.com.ssl.conf and /usr/local/nginx/conf/conf.d/domain.com.ssl.conf as

Code (Text):

include /home/nginx/domains/domain.com/common_includes.conf;

Final note in origin domain's nginx vhost at /usr/local/nginx/conf/conf.d/domain.com.ssl.conf also add canonical header to ensure search engines visiting domain.com know content is originally at domain.com to prevent search engines from flagging yourparkeddomain.com content as duplicated content.

Code (Text):

add_header Link "<http://domain.com$request_uri>; rel=\"canonical\"";

i.e. placing the header just below existing add_header entries in default nginx vhost config for HTTPS SSL domains

Code (Text):

  # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  #add_header Referrer-Policy "strict-origin-when-cross-origin";
  add_header Link "<http://domain.com$request_uri>; rel=\"canonical\"";

then restart nginx and php-fpm services

Code (Text):

nprestart

To confirm just run curl command in SSH against your domain i.e. curl headers and grep filter for word canonical

Code (Text):

curl -sI https://domain.com | grep canonical

output would be something like

Code (Text):

curl -sI https://domain.com | grep canonical
Link: <http://domain.com/>; rel="canonical"

 

you'd use method 1's highlighted in bold part links via manual acme.sh commands