Mobile app version of vmapp.org
Login or Join
Murray155

: Error SSL with subdomain I'm using Nginx as my server. I have just installed successfully my domain with positive SSL. I edited my vhost of main domain as follow: server { listen 80; server_name

@Murray155

Posted in: #Https #Subdomain

I'm using Nginx as my server.
I have just installed successfully my domain with positive SSL. I edited my vhost of main domain as follow:

server {
listen 80;
server_name example.com example.com; return 301 example.com$request_uri; }

server {
listen 443 ssl spdy;

SSL
ssl on;
ssl_certificate /****/example-bundle.crt;
ssl_certificate_key /***/example.com.key;
ssl_session_timeout 20m;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_stapling on;
...


I don't edit anything of subdomain's vhost.This mean subdomain listen from port 80.

OK. When I access to main domain, it OK. Access to example.com auto redirect to example.com.
This's problem:
When I access to subdomain, it also auto redirect to https and get an error because Certificate invalid for subdomain. I DON'T WANT subdomain with ssl. I only need ssl for main domain. How to fix it for my subdomain? This's vhost of subdomain:

server {
server_name sub.example.com; rewrite ^(.*) sub.example.com permanent;
}
server {
listen 80;

access_log off;
error_log off;
# error_log /*******/logs/error.log;
root /home/*******/public_html;
include /etc/nginx/conf/ddos2.conf;
index index.php index.html index.htm;
server_name sub.example.com;
........


Thanks you!

10.01% popularity Vote Up Vote Down

Login to follow query

More posts by @Murray155

Login to post a comment!

1 Comments

Sorted by latest first Latest Oldest Best

 

@Dunderdale272

The following line is causing this:

add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";


This tells browsers to require HTTPS on both the main domain and all subdomains. remove the includeSubdomains from the HSTS header and that should help.

10% popularity Vote Up Vote Down

Back to top | Use Dark Theme