

Important Note: Many certificate providers now generate certs which work on both the www. and the non-www. version of your site. If you have a provider that does this (RapidSSL does, and I’ve heard that Comodo does as well), follow these instructions, but instead of buying two certs, just use the same ID in both locations.

I ran into an issue this week that ended up with some visitors to Karani seeing errors in their browsers when they visited via a particular URL. Not good!

[Image: Chrome SSL cert error]

In Forge, if you set up karaniapp.com as a site, www.karaniapp.com will forward there. But if you buy a non-wildcard SSL cert for karaniapp.com, it won’t work for www.karaniapp.com, so if someone types https://www.karaniapp.com/, it’ll give a security error.

The fix? Add an SSL cert for www.karaniapp.com too.

Your site’s second cert

Just like normal, generate a CSR in Forge, order a cert for www.karaniapp.com, and install it, but don’t activate it (because if you activated this new SSL cert, that would deactivate your primary SSL cert for karaniapp.com).

Instead, SSH into your server and run sudo vim /etc/nginx/sites-available/www.karaniapp.com (or whichever domain you’re adding the non-primary SSL cert to). What we’re doing here is using vim (a command line editor; you can use pico or emacs or whatever else) to edit the Nginx configuration file for this site.

By default you’ll just see the non-HTTPS config for a site redirect:

server {
 listen 80;
 server_name www.karaniapp.com;
 return 301 $scheme://karaniapp.com$request_uri;
}

You’ll want to add the HTTPS redirect config in here, just below the closing brace, manually.

server {
 listen 80;
 server_name www.karaniapp.com;
 return 301 $scheme://karaniapp.com$request_uri;
}

server {
 listen 443 ssl;
 server_name www.karaniapp.com;

 # FORGE SSL (DO NOT REMOVE!)
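 # "listen 443 ssl" above already enables TLS for this server block; the old
 # "ssl on;" directive is deprecated since nginx 1.15.0 and rejected by 1.25.1+.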
 ssl_certificate /etc/nginx/ssl/karaniapp.com/1234/server.crt;
 ssl_certificate_key /etc/nginx/ssl/karaniapp.com/1234/server.key;

 return 301 $scheme://karaniapp.com$request_uri;
}

Notice that there’s a number (1234 in this example) in the middle of the ssl_certificate and ssl_certificate_key paths. Where do you get the number from?

Log into Forge, edit your site, click the SSL Certificates tab, and scroll down to the bottom. Find the Cert Path for your non-primary SSL cert and grab the number from there.

[Image: Find Forge SSL cert number]

Save that file and restart Nginx. You can either run sudo service nginx restart from the command line, or visit the server in Forge, click the refresh icon, and choose “restart Nginx”.

[Image: Forge restart Nginx]

That’s it!
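To see why the apex-only cert triggers the browser error described above, and to check which hostnames a cert covers before pointing Nginx at it, here is an added example (not part of the original post) built on openssl x509 -checkhost. The function names and the constructed self-signed certs are assumptions for illustration, and the wildcard case goes one step beyond the two certs the post discusses.

```sh
#!/bin/sh
# Added example. The certs are constructed self-signed ones, not Forge-issued.

# cert_covers CERT_FILE HOST: succeeds only if the cert is valid for HOST,
# using OpenSSL's hostname matching (SAN entries, wildcards included).
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# make_demo_cert PREFIX SANS: write PREFIX.crt and PREFIX.key with the given
# subjectAltName list (needs OpenSSL 1.1.1+ for -addext).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=karaniapp.com' -addext "subjectAltName=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# report LABEL CERT_FILE: show coverage for both names used on this page.
report() {
    for host in karaniapp.com www.karaniapp.com; do
        if cert_covers "$2" "$host"; then
            echo "$1: $host covered"
        else
            echo "$1: $host NOT covered (browser shows a cert error)"
        fi
    done
}

demo() {
    demo_dir=$(mktemp -d) || return 1
    make_demo_cert "$demo_dir/apex" 'DNS:karaniapp.com'
    make_demo_cert "$demo_dir/both" 'DNS:karaniapp.com,DNS:www.karaniapp.com'
    make_demo_cert "$demo_dir/wild" 'DNS:*.karaniapp.com'
    report 'apex-only cert' "$demo_dir/apex.crt"
    report 'two-name cert ' "$demo_dir/both.crt"
    report 'wildcard cert ' "$demo_dir/wild.crt"
    rm -rf "$demo_dir"
}

demo
```

On the server, run cert_covers against the server.crt path from the Nginx config with www.karaniapp.com as the host before restarting Nginx.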


