1

According to the nginx documentation, the server block below should work for both https://joycegroup.org and https://www.joycegroup.org

server {

listen 443 ssl;

ssl_certificate /etc/ssl/certs/joycegroup_org_chain.crt;

ssl_certificate_key /etc/ssl/private/joycegroup_org.key;

root /var/www/joycegroup_org/;

server_name joycegroup.org www.joycegroup.org;

location / {
index index.html index.htm index.html index.php;
}

}

It works for https://www.joycegroup.org, not https://joycegroup.org. What am I doing wrong?

Eventually I will also want to redirect http to https as well, but I'm trying to figure out this problem first.

I'm so sorry for the basic nature of this question. I've been hitting my head against a wall for hours.

BenJ
  • 13
  • 5

2 Answers2

3

www.joycegroup.org by itself does not mean joycegroup.org (without www) is a valid DNS record.

Note that you can’t setup a CNAME record for the root of a domain (Why can't a CNAME record be used at the apex (aka root) of a domain?), so you need an A record.

You can show it is a DNS resolution issue in various ways, such as curl https://joycegroup.org. If it shows curl: (6) Could not resolve host: joycegroup.com; Name or service not known, its' a DNS issue.

You can further confirm it's a DNS issue related to the difference between the two records by running nslookup or host or dig in both cases and comparing the output.

Some examples:

  • host (Linux):
$ host <record with www>

<record with www> has address 192.168.1.10


$ host <record without www>

<no output is shown>
  • nslookup (Linux):
$ nslookup <record without www>
Server:         <dns server ip>
Address:        <dns server ip>#53

*** Can't find <record without www>: No answer


$ nslookup <record with www>

Server:         <dns server ip>
Address:        <dns server ip>#53

Name:   <record with www>
Address: 192.168.1.10
  • nslookup (Windows):
C:\Users\myuser> nslookup <record without www>

Server:  <dns server>
Address:  <dns server ip>

Name:    <record without www>

Note that no IP address is shown. It returns something because every zone has its own record, although it is not an A record (associated to an IP address) but a SOA record.

On the other hand, if you query an A record that actually exists, you get the classic reply:

C:\Users\myuser>nslookup <record with www>

Server:  <dns server>
Address:  <dns server ip>

Name:    <record with www>
Address:  192.168.1.10
A. Darwin
  • 582
  • 2
  • 7
  • While this is already a great answer, you might attach some evidence, such as `curl: (6) Could not resolve host: joycegroup.org` for the command `curl https://joycegroup.org`. Then every reader knows clearly how you analyzed. – Lex Li Nov 21 '22 at 07:24
  • @LexLi you're right. I added some troubleshooting steps. – A. Darwin Nov 21 '22 at 08:13
  • Thank you so much. I misunderstood the use of the wildcard A record. I thought it would also catch the root domain. Thanks again, your answer is excellent. – BenJ Nov 21 '22 at 13:12
0

As answered by A. Darwin, you do not have a DNS record set for joycegroup.org:

c-nan@mba-c-nan ~ % dig www.joycegroup.org A +short  
50.116.60.151
c-nan@mba-c-nan ~ % dig joycegroup.org A +short    
c-nan@mba-c-nan ~ %

You should add the following DNS A Record

joycegroup.org  IN  A   50.116.60.151

at your DNS provider:

c-nan@mba-c-nan ~ % dig joycegroup.org NS +short
dns1.registrar-servers.com.
dns2.registrar-servers.com.
c-nan@mba-c-nan ~ %

If you want to redirect ALL http traffic to https you can configure the following:

server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

To be specific for a domain you could use:

server {
    listen 80;
    server_name www.joycegroup.com joycegroup.com;
    return 301 https://joycegroup.com$request_uri;
}
C-nan
  • 131
  • 2