nginx certbot 证书 www 和非 www

Question

我不允许 certbot 创建我的 Web 服务器配置。坦白说，我不相信它能做对，因为它已经在做一些不太有效的做法了。

所以我获得了证书certbot certonly --webroot -w /var/www -d hostname -d hostname......

我的 nginx 配置如下（针对一个示例域）：

server {
    server_name www.yes-www.org yes-www.org;

    access_log off;

    include includes/listen-80;
    include includes/cloudflare;
    include includes/letsencrypt;

    location / {
        return 301 https://$host$request_uri;
    }
}

对于端口 80，我只是提供两个主机名并无条件重定向到 https 和 www。

server {
    server_name yes-www.org;

    access_log off;

    ssl_certificate /etc/letsencrypt/live/www.yes-www.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.yes-www.org/privkey.pem;

    include includes/listen-443;
    include includes/cloudflare;
    include includes/ssl;
    include includes/hsts;
    include includes/letsencrypt;

    location / {
        return 301 https://www.yes-www.org$request_uri;
    }
}

对于非 www 端口 443 我只是无条件重定向到 www。

server {
    server_name www.yes-www.org;

    root /srv/www/yes-www.org;

    access_log /var/log/nginx/yes-www.org-access.log nginx;
    access_log /var/log/nginx/cache.log cache;
    error_log /var/log/nginx/yes-www.org-error.log;

    ssl_certificate /etc/letsencrypt/live/www.yes-www.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.yes-www.org/privkey.pem;

    include includes/listen-443;
    include includes/cloudflare;
    include includes/letsencrypt;
    include includes/ssl;
    include includes/hsts;
    include includes/favicon;
    include includes/wordpress;
    include includes/php;
    include /srv/www/yes-www.org/nginx.conf;

    location ~ /\.(ht|git) {
        deny all;
    }
}

最后，我在这里提供一个网站。

注意的内容/etc/nginx/includes/letsencrypt是：

location /.well-known/acme-challenge/ {
    root /var/www;
    try_files $uri =404;
}

这使得certbot certonly上述工作得以完成。

Answer 1