Part 6-12. Adding a new subdomain + installing free SSL from Let's Encrypt

Sakura VPS, CentOS 7: two-week free trial period, part 6


 Status: -  Views: 476  Posted: 2018-02-22  Updated: 2018-02-22

Preparation
Point all access for the newly acquired domain to the IP address of the Sakura VPS

http://e1blue.work/
This domain was registered with お名前.com.

Go to the お名前.com top page


・Wait patiently for the name server change to take effect
・After 4 to 5 minutes, the change is reflected

http://e1blue.work/
このサイトにアクセスできません
e1blue.work のサーバーの IP アドレスが見つかりませんでした。
e1blue work を Google で検索してください
ERR_NAME_NOT_RESOLVED



A domain different from the ones already served over https: created "/etc/nginx/conf.d/c.conf" by copying "/etc/nginx/conf.d/b.conf" and replacing the names, then restarted, but it failed


Check the current configuration


$ cat /etc/nginx/conf.d/b.conf
server {
   server_name  b.w4c.work;
   root   /var/www/html/w4c.work/b.w4c.work;
   index  index.php index.html index.htm;
   #charset koi8-r;
   #access_log  /var/log/nginx/host.access.log  main;

   location / {
       #root   /usr/share/nginx/html;
       #index  index.html index.htm;
       try_files $uri $uri/ /index.php?$query_string;
   }

   #error_page  404              /404.html;

   # redirect server error pages to the static page /50x.html
   #
   error_page   500 502 503 504  /50x.html;
   location = /50x.html {
       root   /usr/share/nginx/html;
   }

   # proxy the PHP scripts to Apache listening on 127.0.0.1:80
   #
   #location ~ \.php$ {
   #    proxy_pass   http://127.0.0.1;
   #}

   # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
   #
   #location ~ \.php$ {
   #    root           html;
   #    fastcgi_pass   127.0.0.1:9000;
   #    fastcgi_index  index.php;
   #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
   #    include        fastcgi_params;
   #}

   # deny access to .htaccess files, if Apache's document root
   # concurs with nginx's one
   #
   #location ~ /\.ht {
   #    deny  all;
   #}

   location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        include fastcgi_params;
   }


   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/a.w4c.work/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/a.w4c.work/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
   if ($host = b.w4c.work) {
       return 301 https://$host$request_uri;
   } # managed by Certbot


   listen       80;
   server_name  b.w4c.work;
   return 404; # managed by Certbot


}


Create the configuration file


$ sudo vi /etc/nginx/conf.d/c.conf
・b.w4c.work → c.e1blue.work
・/w4c.work/ → /e1blue.work/
・The final "}" is missing
server {
   server_name  c.e1blue.work;
   root   /var/www/html/e1blue.work/c.e1blue.work;
   index  index.php index.html index.htm;
   #charset koi8-r;
   #access_log  /var/log/nginx/host.access.log  main;

   location / {
       #root   /usr/share/nginx/html;
       #index  index.html index.htm;
       try_files $uri $uri/ /index.php?$query_string;
   }

   #error_page  404              /404.html;

   # redirect server error pages to the static page /50x.html
   #
   error_page   500 502 503 504  /50x.html;
   location = /50x.html {
       root   /usr/share/nginx/html;
   }

   # proxy the PHP scripts to Apache listening on 127.0.0.1:80
   #
   #location ~ \.php$ {
   #    proxy_pass   http://127.0.0.1;
   #}

   # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
   #
   #location ~ \.php$ {
   #    root           html;
   #    fastcgi_pass   127.0.0.1:9000;
   #    fastcgi_index  index.php;
   #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
   #    include        fastcgi_params;
   #}

   # deny access to .htaccess files, if Apache's document root
   # concurs with nginx's one
   #
   #location ~ /\.ht {
   #    deny  all;
   #}

   location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        include fastcgi_params;
   }


   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/a.w4c.work/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/a.w4c.work/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
   if ($host = c.e1blue.work) {
       return 301 https://$host$request_uri;
   } # managed by Certbot


   listen       80;
   server_name  c.e1blue.work;
   return 404; # managed by Certbot

Create the index.php file


# mkdir -p /var/www/html/e1blue.work/c.e1blue.work
# chown -R ★★:★★ /var/www/html/e1blue.work/c.e1blue.work
# vi /var/www/html/e1blue.work/c.e1blue.work/index.php
<?php echo 'c'; ?>


# systemctl restart php-fpm
# systemctl restart nginx.service
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

# systemctl status nginx.service
● nginx.service - nginx - high performance web server
  Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
  Active: failed (Result: exit-code) since 木 2018-02-22 12:16:18 JST; 25s ago
    Docs: http://nginx.org/en/docs/
 Process: 8018 ExecStop=/bin/kill -s TERM $MAINPID (code=exited, status=0/SUCCESS)
 Process: 8021 ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)
Main PID: 28219 (code=exited, status=0/SUCCESS)

2月 22 12:16:18 tk2-226-22710.vs.sakura.ne.jp systemd[1]: Starting nginx - high performance web server...
2月 22 12:16:18 tk2-226-22710.vs.sakura.ne.jp nginx[8021]: nginx: [emerg] unknown directive "$" in /etc/nginx/conf.d/c.conf:2
2月 22 12:16:18 tk2-226-22710.vs.sakura.ne.jp nginx[8021]: nginx: configuration file /etc/nginx/nginx.conf test failed
2月 22 12:16:18 tk2-226-22710.vs.sakura.ne.jp systemd[1]: nginx.service: control process exited, code=exited status=1
2月 22 12:16:18 tk2-226-22710.vs.sakura.ne.jp systemd[1]: Failed to start nginx - high performance web server.
2月 22 12:16:18 tk2-226-22710.vs.sakura.ne.jp systemd[1]: Unit nginx.service entered failed state.
2月 22 12:16:18 tk2-226-22710.vs.sakura.ne.jp systemd[1]: nginx.service failed.


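After fixing the file and restarting, I accessed http://c.e1blue.work, but "c" was not displayed

・Is it because this domain is different from the ones already served over https?
・What happens with a new subdomain of a domain already served over https?

A new subdomain of a domain already served over https: created "/etc/nginx/conf.d/d.conf" by copying "/etc/nginx/conf.d/b.conf" and replacing the names, then restarted, but it failed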


Create the index.php file



$ sudo -s
# mkdir -p /var/www/html/w4c.work/d.w4c.work
# chown -R ★★:★★ /var/www/html/w4c.work/d.w4c.work
# vi /var/www/html/w4c.work/d.w4c.work/index.php
<?php echo 'd'; ?>


Create the configuration file


server {
   server_name  d.w4c.work;
   root   /var/www/html/w4c.work/d.w4c.work;
   index  index.php index.html index.htm;
   #charset koi8-r;
   #access_log  /var/log/nginx/host.access.log  main;

   location / {
       #root   /usr/share/nginx/html;
       #index  index.html index.htm;
       try_files $uri $uri/ /index.php?$query_string;
   }

   #error_page  404              /404.html;

   # redirect server error pages to the static page /50x.html
   #
   error_page   500 502 503 504  /50x.html;
   location = /50x.html {
       root   /usr/share/nginx/html;
   }

   # proxy the PHP scripts to Apache listening on 127.0.0.1:80
   #
   #location ~ \.php$ {
   #    proxy_pass   http://127.0.0.1;
   #}

   # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
   #
   #location ~ \.php$ {
   #    root           html;
   #    fastcgi_pass   127.0.0.1:9000;
   #    fastcgi_index  index.php;
   #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
   #    include        fastcgi_params;
   #}

   # deny access to .htaccess files, if Apache's document root
   # concurs with nginx's one
   #
   #location ~ /\.ht {
   #    deny  all;
   #}

   location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        include fastcgi_params;
   }


   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/a.w4c.work/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/a.w4c.work/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
   if ($host = d.w4c.work) {
       return 301 https://$host$request_uri;
   } # managed by Certbot


   listen       80;
   server_name  d.w4c.work;
   return 404; # managed by Certbot


}


# systemctl restart php-fpm
# systemctl restart nginx.service


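・Accessed https://d.w4c.work/, but "d" was not displayed


This is where I finally realized

・Copying the configuration file and replacing the names is apparently not enough
・I do not understand what it does, but apparently a command has to be run

Successful case: running the command $ sudo certbot --nginx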

$ sudo certbot --nginx
[sudo] password for : 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: c.e1blue.work
2: a.w4c.work
3: b.w4c.work
4: d.w4c.work
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):


Press the space key, then Enter
-------------------------------------------------------------------------------
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/a.w4c.work.conf)

It contains these names: a.w4c.work, b.w4c.work

You requested these names for the new certificate: c.e1blue.work, a.w4c.work,
b.w4c.work, d.w4c.work.

Do you want to expand and replace this existing certificate with the new
certificate?
-------------------------------------------------------------------------------
(E)xpand/(C)ancel:
e
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for c.e1blue.work
http-01 challenge for a.w4c.work
http-01 challenge for b.w4c.work
http-01 challenge for d.w4c.work
Waiting for verification...
Cleaning up challenges
Deployed Certificate to VirtualHost /etc/nginx/conf.d/c.conf for c.e1blue.work
Deployed Certificate to VirtualHost /etc/nginx/conf.d/a.conf for a.w4c.work
Deployed Certificate to VirtualHost /etc/nginx/conf.d/b.conf for b.w4c.work
Deployed Certificate to VirtualHost /etc/nginx/conf.d/d.conf for d.w4c.work

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
2
Traffic on port 80 already redirecting to ssl in /etc/nginx/conf.d/c.conf
Traffic on port 80 already redirecting to ssl in /etc/nginx/conf.d/a.conf
Traffic on port 80 already redirecting to ssl in /etc/nginx/conf.d/b.conf
Traffic on port 80 already redirecting to ssl in /etc/nginx/conf.d/d.conf

-------------------------------------------------------------------------------
Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: https://c.e1blue.work,
https://a.w4c.work, https://b.w4c.work, and https://d.w4c.work

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=c.e1blue.work
https://www.ssllabs.com/ssltest/analyze.html?d=a.w4c.work
https://www.ssllabs.com/ssltest/analyze.html?d=b.w4c.work
https://www.ssllabs.com/ssltest/analyze.html?d=d.w4c.work
-------------------------------------------------------------------------------

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/a.w4c.work/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/a.w4c.work/privkey.pem
Your cert will expire on 2018-05-23. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le



Access through a browser to verify operation


Already https-enabled


http://a.w4c.work/
→ Redirects to "https://a.w4c.work/"
a


https://a.w4c.work/
a


http://b.w4c.work/
→ Redirects to "https://b.w4c.work/"
b


https://b.w4c.work/
b


http://d.w4c.work/
→ Redirects to "https://d.w4c.work/"
d


https://d.w4c.work/
d


http://c.e1blue.work/
→ Redirects to "https://c.e1blue.work/"
c


https://c.e1blue.work/
c


Everything else


Default
・Not https-enabled

http://www.w4c.work/
hoge


https://www.w4c.work/
この接続ではプライバシーが保護されません

セキュリティで保護されたページに戻る


http://<IP address>/
hoge


https://<IP address>/
この接続ではプライバシーが保護されません

セキュリティで保護されたページに戻る




Current state check


Current configuration file contents


$ cat /etc/nginx/conf.d/a.conf
server {
   server_name  a.w4c.work;
   root   /var/www/html/w4c.work/a.w4c.work;
   index  index.php index.html index.htm;
   #charset koi8-r;
   #access_log  /var/log/nginx/host.access.log  main;

   location / {
       #root   /usr/share/nginx/html;
       #index  index.html index.htm;
       try_files $uri $uri/ /index.php?$query_string;
   }

   #error_page  404              /404.html;

   # redirect server error pages to the static page /50x.html
   #
   error_page   500 502 503 504  /50x.html;
   location = /50x.html {
       root   /usr/share/nginx/html;
   }

   # proxy the PHP scripts to Apache listening on 127.0.0.1:80
   #
   #location ~ \.php$ {
   #    proxy_pass   http://127.0.0.1;
   #}

   # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
   #
   #location ~ \.php$ {
   #    root           html;
   #    fastcgi_pass   127.0.0.1:9000;
   #    fastcgi_index  index.php;
   #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
   #    include        fastcgi_params;
   #}

   # deny access to .htaccess files, if Apache's document root
   # concurs with nginx's one
   #
   #location ~ /\.ht {
   #    deny  all;
   #}

   location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        include fastcgi_params;
   }


   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/a.w4c.work/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/a.w4c.work/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}
server {
   if ($host = a.w4c.work) {
       return 301 https://$host$request_uri;
   } # managed by Certbot


   listen       80;
   server_name  a.w4c.work;
   return 404; # managed by Certbot


}


$ cat /etc/nginx/conf.d/b.conf
server {
   server_name  b.w4c.work;
   root   /var/www/html/w4c.work/b.w4c.work;
   index  index.php index.html index.htm;
   #charset koi8-r;
   #access_log  /var/log/nginx/host.access.log  main;

   location / {
       #root   /usr/share/nginx/html;
       #index  index.html index.htm;
       try_files $uri $uri/ /index.php?$query_string;
   }

   #error_page  404              /404.html;

   # redirect server error pages to the static page /50x.html
   #
   error_page   500 502 503 504  /50x.html;
   location = /50x.html {
       root   /usr/share/nginx/html;
   }

   # proxy the PHP scripts to Apache listening on 127.0.0.1:80
   #
   #location ~ \.php$ {
   #    proxy_pass   http://127.0.0.1;
   #}

   # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
   #
   #location ~ \.php$ {
   #    root           html;
   #    fastcgi_pass   127.0.0.1:9000;
   #    fastcgi_index  index.php;
   #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
   #    include        fastcgi_params;
   #}

   # deny access to .htaccess files, if Apache's document root
   # concurs with nginx's one
   #
   #location ~ /\.ht {
   #    deny  all;
   #}

   location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        include fastcgi_params;
   }


   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/a.w4c.work/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/a.w4c.work/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}
server {
   if ($host = b.w4c.work) {
       return 301 https://$host$request_uri;
   } # managed by Certbot


   listen       80;
   server_name  b.w4c.work;
   return 404; # managed by Certbot


}


$ cat /etc/nginx/conf.d/d.conf
server {
   server_name  d.w4c.work;
   root   /var/www/html/w4c.work/d.w4c.work;
   index  index.php index.html index.htm;
   #charset koi8-r;
   #access_log  /var/log/nginx/host.access.log  main;

   location / {
       #root   /usr/share/nginx/html;
       #index  index.html index.htm;
       try_files $uri $uri/ /index.php?$query_string;
   }

   #error_page  404              /404.html;

   # redirect server error pages to the static page /50x.html
   #
   error_page   500 502 503 504  /50x.html;
   location = /50x.html {
       root   /usr/share/nginx/html;
   }

   # proxy the PHP scripts to Apache listening on 127.0.0.1:80
   #
   #location ~ \.php$ {
   #    proxy_pass   http://127.0.0.1;
   #}

   # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
   #
   #location ~ \.php$ {
   #    root           html;
   #    fastcgi_pass   127.0.0.1:9000;
   #    fastcgi_index  index.php;
   #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
   #    include        fastcgi_params;
   #}

   # deny access to .htaccess files, if Apache's document root
   # concurs with nginx's one
   #
   #location ~ /\.ht {
   #    deny  all;
   #}

   location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        include fastcgi_params;
   }


   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/a.w4c.work/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/a.w4c.work/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}
server {
   if ($host = d.w4c.work) {
       return 301 https://$host$request_uri;
   } # managed by Certbot


   listen       80;
   server_name  d.w4c.work;
   return 404; # managed by Certbot


}


$ cat /etc/nginx/conf.d/c.conf
server {
   server_name  c.e1blue.work;
   root   /var/www/html/e1blue.work/c.e1blue.work;
   index  index.php index.html index.htm;
   #charset koi8-r;
   #access_log  /var/log/nginx/host.access.log  main;

   location / {
       #root   /usr/share/nginx/html;
       #index  index.html index.htm;
       try_files $uri $uri/ /index.php?$query_string;
   }

   #error_page  404              /404.html;

   # redirect server error pages to the static page /50x.html
   #
   error_page   500 502 503 504  /50x.html;
   location = /50x.html {
       root   /usr/share/nginx/html;
   }

   # proxy the PHP scripts to Apache listening on 127.0.0.1:80
   #
   #location ~ \.php$ {
   #    proxy_pass   http://127.0.0.1;
   #}

   # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
   #
   #location ~ \.php$ {
   #    root           html;
   #    fastcgi_pass   127.0.0.1:9000;
   #    fastcgi_index  index.php;
   #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
   #    include        fastcgi_params;
   #}

   # deny access to .htaccess files, if Apache's document root
   # concurs with nginx's one
   #
   #location ~ /\.ht {
   #    deny  all;
   #}

   location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        include fastcgi_params;
   }


   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/a.w4c.work/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/a.w4c.work/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}
server {
   if ($host = c.e1blue.work) {
       return 301 https://$host$request_uri;
   } # managed by Certbot


   listen       80;
   server_name  c.e1blue.work;
   return 404; # managed by Certbot


}


Observations


 listen 443 ssl; # managed by Certbot
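・In every file, including the one for the different domain, the line is "ssl_certificate /etc/letsencrypt/live/a.w4c.work/fullchain.pem;"

Everything works correctly at present, but copying this configuration file, replacing the names and restarting does not give a working site
・The command has to be run every time a subdomain (or a new domain) is added
・The reason is unknown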
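
The certbot output above reports that the existing certificate contained only a.w4c.work and b.w4c.work until the expand step, and a browser rejects a certificate whose subject alternative names do not include the requested hostname. The following added example (not part of the original page) checks, before nginx is restarted, that every server_name on a TLS listener is covered by the certificate its ssl_certificate line points to; the function names are hypothetical, and the configuration and `certbot certificates` output are constructed samples reduced from the files shown on this page.

```python
import re

# Constructed sample: the copied d.conf and c.conf, reduced to the relevant directives.
NGINX_CONF = r"""
server {
   server_name  d.w4c.work;
   location ~ \.php$ { include fastcgi_params; }
   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/a.w4c.work/fullchain.pem; # managed by Certbot
}
server {
   if ($host = d.w4c.work) { return 301 https://$host$request_uri; } # managed by Certbot
   listen       80;
   server_name  d.w4c.work;
}
server {
   server_name  c.e1blue.work;
   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/a.w4c.work/fullchain.pem; # managed by Certbot
}
"""
# Constructed `certbot certificates` output, before and after the expand step.
CERTS_BEFORE = """
  Certificate Name: a.w4c.work
    Domains: a.w4c.work b.w4c.work
    Certificate Path: /etc/letsencrypt/live/a.w4c.work/fullchain.pem
"""
CERTS_AFTER = CERTS_BEFORE.replace("b.w4c.work", "b.w4c.work c.e1blue.work d.w4c.work")

def server_blocks(conf_text):
    """Top-level directives of each server block in a conf.d file, as word lists."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # drop comments
    blocks, depth, cur, last = [], 0, None, ""
    for tok in re.findall(r"[{};]|[^{};]+", text):
        if tok == "{":
            depth += 1
            if depth == 1 and last.split()[-1:] == ["server"]:
                cur = []
        elif tok == "}":
            depth -= 1
            if depth == 0 and cur is not None:
                blocks.append(cur)
                cur = None
        elif tok != ";":
            last = tok
            if depth == 1 and cur is not None and tok.strip():
                cur.append(tok.split())  # nested location/if bodies are skipped
    return blocks

def parse_certbot_certificates(output):
    """Map each certificate path to the set of names on its Domains line."""
    pairs = re.findall(r"Domains:([^\n]*)\n(?:.*\n)*?\s*Certificate Path:\s*(\S+)", output)
    return {path: set(names.split()) for names, path in pairs}

def covered(host, names):
    """Exact match, or a wildcard name covering exactly one leftmost label."""
    parent = host.partition(".")[2]
    return host in names or (parent != "" and "*." + parent in names)

def uncovered_names(conf_text, certbot_output):
    """(server_name, certificate path) pairs a browser would reject on port 443."""
    certs, problems = parse_certbot_certificates(certbot_output), []
    for directives in server_blocks(conf_text):
        args = {}
        for name, *rest in directives:
            args.setdefault(name, []).extend(rest)
        if "ssl" in args.get("listen", []):  # plain-HTTP blocks present no certificate
            cert_path = args.get("ssl_certificate", [None])[0]
            problems += [(h, cert_path) for h in args.get("server_name", [])
                         if not covered(h.lower(), certs.get(cert_path, set()))]
    return problems

if __name__ == "__main__":
    print("before expand:", uncovered_names(NGINX_CONF, CERTS_BEFORE))
    print("after expand: ", uncovered_names(NGINX_CONF, CERTS_AFTER))
```

On a live host the two inputs would be the concatenated files under /etc/nginx/conf.d/ and the output of `sudo certbot certificates`.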

Link


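Pages that look detailed
・I may study these someday

catch-all
・It is safer to create a server that accepts, as a catch-all, any request that does not match any server_name
・It is configured by specifying _.
Notes on nginx server_name and SSL configuration

Connecting over SSL with nginx
Configuring HTTPS servers
nginx series part 6: nginx configuration, part 4 - TLS/SSL settings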

