How to add Multiple sites with ipv6 and SSL on Nginx ?

classic Classic list List threaded Threaded
3 messages Options
xrd
Reply | Threaded
Open this post in threaded view
|

How to add Multiple sites with ipv6 and SSL on Nginx ?

xrd
I have three websites on one Linode IP and I want to add ipv6 with SSL

1. Wordpress
2. Django1
3. Django2

All of them have SSL certificates from Letsencrypt and I have test them and
they working.

In testing of SSL I have an error with Mismatch and in Debugging error Curl
error: 51 (SSL_PEER_CERTIFICATE)

So my Nginx block are next :

Wordpress:

> server {
    listen 80;
    listen [::]:80;
    server_name wpexample.org www.wpexample.org;
    return 301 https://www.wpexample.org$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.wpexample.org;
    root /var/www/html/wpexample/src;
    index index.php;
    ssl_certificate /etc/letsencrypt/live/wpexample.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wpexample.org/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/wpexample.org/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;


First Django Site

>server {
    listen 80;
    listen [::]:80;
    server_name django1.org www.django1.org;
    rewrite  ^(.*) https://www.django1.org$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name django1.org www.django1.org;
    index index.html index.htm;
    ssl_certificate /etc/letsencrypt/live/django1.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/django1.org/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/django1.org/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;


Second Django Site

>server {
   listen 80;
   listen [::]:80;
   server_name django2.rs www.django2.rs;
   include /etc/nginx/snippets/letsencrypt.conf;
   rewrite  ^(.*) https://django2.rs$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
   server_name django2.rs www.django2.rs;
    index index.html index.htm;
    ssl_certificate /etc/letsencrypt/live/django2.rs/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/django2.rs/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/django2.rs/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;


The problem is comming when I try to test both Django sites with
ssllabs.com

>Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI
The error what I see is "Alternative names wpexample.org www.wpexample.org
 MISMATCH"

And this error is comes for both of Django sites when i test them


I have trying to add for both of sites in Nginx blocks **listen [::]:443;
default_server and ipv6conly**  but then my sites are unavailable and it's
shows same Mismatch in testing.

Also I got all A+ for both Django sites in ssllabs.com

Does anyone have an idea how to solve this issues?

Thanks a lot in advance

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285450,285450#msg-285450

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

RE: How to add Multiple sites with ipv6 and SSL on Nginx ?

Reinis Rozitis
> The problem is comming when I try to test both Django sites with ssllabs.com
>
> >Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI
> The error what I see is "Alternative names wpexample.org
> www.wpexample.org
>  MISMATCH"

It is normal for clients which don't support SNI (server name indication) and SSLabs tests what happens in such case.

Depending if you need to server web for old clients (like Android 2.3.7, IE 8 / XP, Java 6u45) the only way is to set up a separate IP (both ipv4/ipv6) for each domain, if not - you can ignore the MISMATCH error (also it doesn't impact the SSLabs rating).

rr

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
xrd
Reply | Threaded
Open this post in threaded view
|

Re: RE: How to add Multiple sites with ipv6 and SSL on Nginx ?

xrd
Thank you so much for your answer.
It seems that all things are working now.

Thank you once again.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285450,285508#msg-285508

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx