How to add certificate for sub-domain using Lets Encrypt

Vikram Anand Bhushan · Apr 17, 2016 · Viewed 8.7k times

I have an NGINX server where I am trying to add SSL using Let's Encrypt.

My development settings are as follows:

url : dev.domain.in
root: /var/www/dev/html

The Production is as follows:

url : domain.in
root: /var/www/production/html

So in my nginx default page I have two server blocks, one for development and another for production.

I want to give one certificate for both the servers.

I know that according to the Let's Encrypt website the command is as follows:

cd /opt/letsencrypt
./letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d example.com -d www.example.com

But this can be done only if the SUBDOMAIN has the same webroot, which is not true in my case.

So how can I add the cert for both here?

Please help me out.

Answer

Simon Hampel · Jul 12, 2016

I use a common webroot across all of my virtual hosts on my nginx box.

/opt/certbot/certbot-auto certonly --webroot --agree-tos -w /srv/www/letsencrypt/ \
-d example.com,www.example.com

... and in nginx I have snippets/letsencrypt.conf:

location ~ /.well-known {
    root /srv/www/letsencrypt;
    allow all;
}

... which gets included in my server block for each site.

The files in the .well-known directory are temporary - they only exist for long enough for the authorisation process to complete and are then removed.

Once registration is successful, I then include the certificate definition in the server block via include ssl/example.com.conf; where that file contains the following:

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

... along with the relevant listen directives to enable SSL on port 443.

You can include the same definition in multiple server blocks.

I have additional subdomains as SANs in my certificate as well, and I have separate server blocks for example.com, www.example.com and also other subdomains like click.example.com - all using the same certificate.
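The shared-webroot approach in the answer above works because every server block's `location ~ /.well-known { root /srv/www/letsencrypt; }` maps a challenge URI to the same file on disk, regardless of each site's own document root. The script below is an added example (not the answerer's code) that simulates that mapping offline: it drops a token into the shared directory the way an ACME client does, resolves the URI with nginx's `root` semantics (the full URI is appended to the root, which is why `root` rather than `alias` is used in the snippet), confirms the file would be served for each hostname, and removes the token afterwards. The webroot and token values are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example, not part of the original answer: check offline that a shared
# ACME webroot serves the same challenge file for every hostname that includes
# the snippets/letsencrypt.conf location. All paths/tokens are constructed.
set -eu

# nginx `root` semantics: the complete request URI is appended to the root
# directory (unlike `alias`, which would replace the matched prefix).
resolve_challenge_path() {
  webroot="$1"; uri="$2"
  printf '%s%s\n' "${webroot%/}" "$uri"
}

# Write a token as the ACME client would, then confirm the path nginx would
# serve for the HTTP-01 URI is that exact file. Token files are temporary, so
# remove the file whether or not the check passed.
probe_vhost() {
  webroot="$1"; token="$2"
  dir="$webroot/.well-known/acme-challenge"
  mkdir -p "$dir"
  printf '%s.keyauth\n' "$token" > "$dir/$token"
  served="$(resolve_challenge_path "$webroot" "/.well-known/acme-challenge/$token")"
  if [ -f "$served" ] && grep -q "^${token}\.keyauth\$" "$served"; then
    rm -f "$dir/$token"
    return 0
  fi
  rm -f "$dir/$token"
  return 1
}

# Run the probe once per hostname that will be a SAN on the certificate.
# Returns non-zero if any hostname would not be served from the shared webroot.
check_domains() {
  webroot="$1"; shift
  failed=0
  for d in "$@"; do
    if probe_vhost "$webroot" "token-for-$d"; then
      echo "ok   $d -> $webroot"
    else
      echo "FAIL $d -> $webroot"
      failed=1
    fi
  done
  return "$failed"
}

main() {
  tmp="$(mktemp -d)"
  # Constructed hostnames; in practice these are the -d values passed to certbot.
  check_domains "$tmp/letsencrypt" example.com www.example.com dev.example.com
  rm -rf "$tmp"
}

main "$@"
```

Run it before requesting a certificate that covers several server blocks: a FAIL line for any hostname means that vhost is not pointing its `.well-known` location at the shared directory, and the real HTTP-01 validation for that name would fail the same way.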