How do I forward a www subdomain through DDNS and use the domain's certificate? – Ubuntu Nginx Let's Encrypt DDNS

Garet Jax asked:

I think I am missing something simple, but I just can’t see it.

I am running the latest Nginx on a home machine running Ubuntu 20.04 version 2. I have pfSense as my router/firewall running on a different machine. I have set up a DDNS ([my_name].ddns.net) entry to point to my ever-changing WAN IP address.

I have a domain name "[my_name].net". I have been able to create a Let’s Encrypt certificate for both domains on my Ubuntu/Nginx machine: [my_name].net and [my_name].ddns.net.

I created a CNAME record mapping "www" to "[my_name].ddns.net" on the site that hosts my domain.

When I access https://[my_name].ddns.net, the website comes up perfectly.

When I access https://www.[my_name].net, the website comes up with a certificate warning because it is pulling the certificate for https://[my_name].ddns.net.

The nginx configuration for the www.[my_name].net website is:

server {
    listen 80;

    root /var/www/html;

    index index.html;

    server_name www.[my_name].net;

    location / {
            try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    }
}

server {
    root /var/www/html;

    index index.html;

    server_name www.[my_name].net;

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    }

    listen 443 ssl;

    ssl_certificate /etc/letsencrypt/live/www.[my_name].net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.[my_name].net/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

What do I have to do to get Nginx to "see" the redirected URL as www.[my_name].net and not [my_name].ddns.net?

Thanks a bunch.

My answer:


You need to create your Let’s Encrypt certificate with all names.


View the full question and any other answers on Server Fault.
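
One way to check which names a certificate covers before reissuing it with all of them, as an added example that is not part of the original question or answer. The function names are hypothetical, `example.net` and `example.ddns.net` are constructed placeholders for `[my_name].net` and `[my_name].ddns.net`, and the certificate name is assumed to be the directory name under `/etc/letsencrypt/live/`.

```sh
#!/bin/sh
# Added example; hostnames below are constructed placeholders.

# DNS names in a certificate's subjectAltName, one per line (OpenSSL 1.1.1+).
# On the server: cert_sans /etc/letsencrypt/live/<cert-name>/fullchain.pem
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# san_covers SAN HOST: succeed if the SAN entry covers HOST (case-insensitive).
# A wildcard stands for exactly one left-most label, so "*.example.net"
# covers "www.example.net" but not "example.net" or "a.b.example.net".
san_covers() {
    _san=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    _host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ "$_san" = "$_host" ] && return 0
    case $_san in
        '*.'*) [ "${_host#*.}" = "${_san#??}" ] && [ "${_host#*.}" != "$_host" ] ;;
        *) return 1 ;;
    esac
}

# missing_names "SAN LIST" HOST...: print every HOST that no SAN entry covers.
missing_names() {
    sans=$1; shift
    set -f                       # SAN entries may contain '*': no globbing
    for name in "$@"; do
        covered=no
        for s in $sans; do
            if san_covers "$s" "$name"; then covered=yes; break; fi
        done
        [ "$covered" = yes ] || printf '%s\n' "$name"
    done
    set +f
}

# certbot_command CERT_NAME HOST...: print (not run) a certbot invocation
# that requests one certificate listing every hostname.
certbot_command() {
    cert_name=$1; shift
    printf 'certbot --nginx --cert-name %s' "$cert_name"
    for name in "$@"; do printf ' -d %s' "$name"; done
    printf '\n'
}

# Constructed sample: certificate issued for two names, site served under three.
sample_sans='example.net example.ddns.net'
wanted='example.net www.example.net example.ddns.net'
echo "not covered: $(missing_names "$sample_sans" $wanted | tr '\n' ' ')"
certbot_command www.example.net $wanted
```

On the server, pass `"$(cert_sans /etc/letsencrypt/live/<cert-name>/fullchain.pem)"` as the first argument to `missing_names` instead of the sample list.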

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.