How to add multiple sites with IPv6 and SSL on Nginx?

I have three websites on one Linode IP and I want to add IPv6 with SSL.

  1. WordPress
  2. Django1
  3. Django2

All of them have SSL certificates from Let's Encrypt, and I have tested them and they are working.

When testing SSL I get a Mismatch error, and when debugging I get the error Curl error: 51 (SSL_PEER_CERTIFICATE).

My Nginx blocks are as follows:

WordPress:

server {
    listen 80;
    listen [::]:80;
    server_name wpexample.org www.wpexample.org;
    return 301 https://www.wpexample.org$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.wpexample.org;
    root /var/www/html/wpexample/src;
    index index.php;
    ssl_certificate /etc/letsencrypt/live/wpexample.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wpexample.org/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/wpexample.org/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;
    # (rest of the block not shown in the original post)
}

First Django Site

server {
    listen 80;
    listen [::]:80;
    server_name django1.org www.django1.org;
    rewrite ^(.*) https://www.django1.org$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name django1.org www.django1.org;
    index index.html index.htm;
    ssl_certificate /etc/letsencrypt/live/django1.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/django1.org/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/django1.org/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;
    # (rest of the block not shown in the original post)
}

Second Django Site

server {
    listen 80;
    listen [::]:80;
    server_name django2.rs www.django2.rs;
    include /etc/nginx/snippets/letsencrypt.conf;
    rewrite ^(.*) https://django2.rs$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name django2.rs www.django2.rs;
    index index.html index.htm;
    ssl_certificate /etc/letsencrypt/live/django2.rs/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/django2.rs/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/django2.rs/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;
    # (rest of the block not shown in the original post)
}

The problem comes when I try to test both Django sites with ssllabs.com:

Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI
The error that I see is "Alternative names wpexample.org www.wpexample.org MISMATCH"

This error comes up for both Django sites when I test them.

I have tried adding listen [::]:443; default_server and ipv6only to the Nginx blocks of both sites, but then my sites are unavailable and testing shows the same Mismatch.

Does anyone have an idea how to solve this issue?

Thanks a lot in advance.

1 Reply

Given the information that you have provided, it seems most likely that the source of your issues is related to the configuration of the SSL rather than the fact that they are on IPv6.

cURL SSL error 51 is most commonly due to either OpenSSL being out of date (unlikely considering you just set this up) or that the hostname and the URL don't match.

Since the WordPress SSL works properly, we can infer that the hostname on your Linode matches that of the WordPress site. The first thing I would do is add a $host variable to your Nginx blocks. You can read a bit more about that in this StackOverflow answer.

Another option is to issue a SAN certificate that will cover all the domains and sidestep the hostname mismatch. You can find some instructions for doing that here.

I would also, personally, advocate asking on the Let's Encrypt forums as well. I have found a great deal of useful information and helpful folks there.
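
To illustrate the "No SNI" result in the question, here is an added example (not part of the original thread, and not nginx's own code) that models how nginx picks a certificate on each listen socket: a matching SNI name selects its server block, otherwise the default server for that socket answers. The config string is constructed from the question's three HTTPS blocks; `parse_servers` and `served_cert` are hypothetical helper names, and only exact `server_name` matches are modelled.

```python
import re

# Constructed input: the three HTTPS server blocks from the question, reduced
# to the directives that decide which certificate is served.
CONFIG = """
server { listen 443 ssl http2; listen [::]:443 ssl http2;
         server_name www.wpexample.org;
         ssl_certificate /etc/letsencrypt/live/wpexample.org/fullchain.pem; }
server { listen 443 ssl http2; listen [::]:443 ssl http2;
         server_name django1.org www.django1.org;
         ssl_certificate /etc/letsencrypt/live/django1.org/fullchain.pem; }
server { listen 443 ssl http2; listen [::]:443 ssl http2;
         server_name django2.rs www.django2.rs;
         ssl_certificate /etc/letsencrypt/live/django2.rs/fullchain.pem; }
"""

def parse_servers(text):
    """Return one dict per server block: listens, names, cert (flat blocks only)."""
    servers = []
    for body in re.findall(r"server\s*\{([^{}]*)\}", text):
        directives = [d.split() for d in body.split(";") if d.split()]
        listens = [(d[1], "default_server" in d[2:]) for d in directives if d[0] == "listen"]
        names = [n for d in directives if d[0] == "server_name" for n in d[1:]]
        cert = next((d[1] for d in directives if d[0] == "ssl_certificate"), None)
        servers.append({"listens": listens, "names": names, "cert": cert})
    return servers

def served_cert(servers, socket, sni=None):
    """Certificate nginx would present on `socket` for the given SNI name."""
    on_socket = [s for s in servers if any(addr == socket for addr, _ in s["listens"])]
    if not on_socket:
        return None
    # Default server: the block marked default_server, else the first one listed.
    default = next((s for s in on_socket
                    if any(a == socket and d for a, d in s["listens"])), on_socket[0])
    # Exact-name matching only; wildcard and regex server_name are not modelled.
    match = next((s for s in on_socket if sni in s["names"]), None) if sni else None
    return (match or default)["cert"]

if __name__ == "__main__":
    servers = parse_servers(CONFIG)
    for socket in ("443", "[::]:443"):
        for sni in (None, "www.django1.org", "django2.rs", "wpexample.org"):
            print(f"{socket:9} SNI={sni!s:16} -> {served_cert(servers, socket, sni)}")
```

In this model a client that sends no SNI gets the wpexample.org certificate on both the IPv4 and the IPv6 socket, because that block is listed first, while clients that send the Django hostnames get the matching certificates.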
