Good day , Thank you again for helping me out!
This morning Joulinar
- I start and use the empty config file from
nano /etc/nginx/sites-enabled/default
# /etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www;
index index.php index.html index.htm index.nginx-debian.html;
server_name "$hostname";
include /etc/nginx/sites-dietpi/*.conf;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php(?:$|/) {
include snippets/fastcgi-php.conf;
fastcgi_pass php;
}
}
Did a reboot to be sure
- Run the DietPi-LetsEncrypt
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate for hemertje.com and nextcloud.hemertje.com
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default
Enhancement Strict-Transport-Security was already set.
Enhancement Strict-Transport-Security was already set.
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/default
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/default
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
The new certificate covers the following domains: https://YourDomain.com and
https://YourDomain.hemertje.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/YourDomain.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/YourDomain.com/privkey.pem
Your certificate will expire on 2023-03-31. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again with the "certonly" option. To non-interactively
renew *all* of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
[ INFO ] DietPi-LetsEncrypt | Applying HTTPS domain to known web application configs
[ OK ] DietPi-LetsEncrypt | sed -i s|'http://localhost/nextcloud'|'https://YourDomain.com/nextcloud'| /var/www/nextcloud/config/config.php
[ OK ] DietPi-LetsEncrypt | Desired setting in /etc/nginx/sites-dietpi/dietpi-nextcloud.conf was already set: add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
[ OK ] DietPi-LetsEncrypt | systemctl restart nginx
Press any key to return to the DietPi-LetsEncrypt menu ...
The config /etc/nginx/sites-available/default now looks like
# /etc/nginx/sites-available/default
server {
root /var/www;
index index.php index.html index.htm index.nginx-debian.html;
server_name YourDomain.com;
include /etc/nginx/sites-dietpi/*.conf;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php(?:$|/) {
include snippets/fastcgi-php.conf;
fastcgi_pass php;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/YourDomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/YourDomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/YourDomain.com/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
server {
root /var/www;
index index.php index.html index.htm index.nginx-debian.html;
server_name nextcloud.YourDomain.com; # managed by Certbot
include /etc/nginx/sites-dietpi/*.conf;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php(?:$|/) {
include snippets/fastcgi-php.conf;
fastcgi_pass php;
}
listen [::]:443 ssl ; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/YourDomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/YourDomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/YourDomain.com/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
server {
if ($host = YourDomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name YourDomain.com;
return 404; # managed by Certbot
}
server {
if ($host = nextcloud.YourDomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name nextcloud.YourDomain.com;
return 404; # managed by Certbot
}
- you should have HTTPS access to Nginx default web site on both, domain and sub domain
Yes indeed
Until here I see the domain and sub domain
4-9 gaves me problems this morning
Will look further next year
Guten rutsch ins neue jahr !