nginx | redirect https://domain to different https://domain without browser cert errors

Standard nginx redirect:

server {
    listen 80;
    listen 443 ssl;

    server_name  up-eleven.de www.domain-a.tld;
    return       301 https://www.domain-b.tld;
}

This produces browser SSL errors (wrong certificate), because the HTTPS connection between your browser and the original domain is established before the redirect is executed.

Solution: run certbot for the original domain you redirect from:

certbot --nginx -d domain-a.tld -d www.domain-a.tld

Certbot inserts the new certificate into the nginx configuration for that virtual host, like this:

server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/domain-a.tld/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain-a.tld/privkey.pem; # managed by Certbot
    server_name  domain-a.tld www.domain-a.tld;
    return       301 https://www.domain-b.tld;
}

server {
    if ($host = www.domain-a.tld) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = domain-a.tld) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name  domain-a.tld www.domain-a.tld;
    #return 404; # managed by Certbot
    return       301 https://www.domain-b.tld;
}

I replaced the last line written by certbot (return 404; # managed by Certbot) with my own stuff (return 301 https://www.domain-b.tld;).
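To catch the wrong-certificate situation described above before a browser does, the following added example (not part of the original post) scans an nginx configuration for server blocks that listen with ssl but carry no ssl_certificate directive. The sample configuration is constructed from the blocks shown on this page, the function names are hypothetical, and the check assumes certificates are set per server block rather than inherited from the http level.

```python
import re

# Constructed sample modelled on the two HTTPS redirect blocks shown above.
SAMPLE_CONF = """
server {
    listen 80;
    listen 443 ssl;
    server_name  domain-a.tld www.domain-a.tld;
    return       301 https://www.domain-b.tld;
}
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/domain-a.tld/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain-a.tld/privkey.pem; # managed by Certbot
    server_name  domain-a.tld www.domain-a.tld;
    return       301 https://www.domain-b.tld;
}
"""

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, tracking brace depth."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def tls_blocks_without_cert(conf):
    """Return the server_name list of each block that listens with `ssl`
    but has no ssl_certificate directive of its own."""
    findings = []
    for body in server_blocks(conf):
        # Drop nested blocks (certbot's `if ($host = ...) { ... }`) so only
        # directives that sit directly in the server block are inspected.
        while re.search(r"\{[^{}]*\}", body):
            body = re.sub(r"[^;{}]*\{[^{}]*\}", "", body)
        directives = [d.split() for d in body.split(";") if d.split()]
        tls = any(d[0] == "listen" and "ssl" in d[1:] for d in directives)
        has_cert = any(d[0] == "ssl_certificate" for d in directives)
        if tls and not has_cert:
            findings.append([n for d in directives if d[0] == "server_name" for n in d[1:]])
    return findings

if __name__ == "__main__":
    for names in tls_blocks_without_cert(SAMPLE_CONF):
        print("TLS listener without its own certificate:", ", ".join(names))
```

A flagged block is one where nginx has no certificate for the listed names, which is exactly the case where the browser sees a certificate for a different domain before the 301 is ever sent.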
