0

I have the .com and .co.uk versions of a domain. I want every combination of these (including www subdomains) to redirect to the https .co.uk version.

By every combination I mean that all of the following should redirect to https://example.co.uk.

http://example.com
https://example.com
http://www.example.com
https://www.example.com
http://example.co.uk
http://www.example.co.uk
https://www.example.co.uk

I think I've pretty much achieved this with the following:

server {
  listen 443 ssl http2;
  server_name example.co.uk;

  ssl_certificate /etc/letsencrypt/live/example.co.uk/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.co.uk/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  root /var/www/example.co.uk;
  index index.html;
}

server {
  listen 80;
  server_name example.co.uk;
  return 301 https://example.co.uk$request_uri;
}

server {
  listen 443 ssl;
  server_name www.example.co.uk;
  return 301 https://example.co.uk$request_uri;
}

server {
  listen 80;
  server_name www.example.co.uk;
  return 301 https://example.co.uk$request_uri;
}

server {
  listen 443 ssl;
  server_name example.com;
  return 301 https://example.co.uk$request_uri;
}

server {
  listen 80;
  server_name example.com;
  return 301 https://example.co.uk$request_uri;
}

server {
  listen 443 ssl;
  server_name www.example.com;
  return 301 https://example.co.uk$request_uri;
}

server {
  listen 80;
  server_name www.example.com;
  return 301 https://example.co.uk$request_uri;
}

The only thing is, when I try https://example.com or https://www.example.com it gives me a browser privacy error page.

Do I need to get separate SSL certificates for both domains and both www subdomains for this setup to work? So I would end up with 4 certificates?

CaribouCode
  • 103
  • 3
  • Have you tried getting a [wildcard or multi domain certificate](https://serverfault.com/questions/566426/does-each-subdomain-need-its-own-ssl-certificate)? – dma1324 Aug 21 '18 at 16:36
  • @dma1324 No not yet. I'm using Let's Encrypt and Certbot to generate the certificates. – CaribouCode Aug 21 '18 at 16:38

1 Answers1

1

The easiest way is to get one certificate that matches all your domain names. A certificate can match more than one name, it is called Subject Alternative Name (SAN).

You can get such a certificate for free from Let's encrypt, you just have to arrange for verification on all domain names.

RalfFriedl
  • 3,108
  • 4
  • 13
  • 17