Mastodon

Managing site certificates with NGINX and Certbot

And removing a single domain certificate without breaking everything else

Adam Fisher / fisher king (@therightstuff)
2 min readJan 1, 2022

Do you operate multiple domains from the same webserver? Do you have a webserver operated by NGINX? Do you have Certbot managing your certificates? This is a set of instructions for creating your certificates correctly and removing a single domain from your configuration, after I found some confusing ones that resulted in me knocking out my server for a little while…

A note before we begin

If you’re rather in a hurry to remove a domain from a messy configuration, STOP. Re-organizing your sites and regenerating your certificates is not only pretty quick and mostly painless — and required, if you want to remove a single domain without making NGINX break down and throw a wobbly — it’s very much the same process.

Organizing your existing NGINX sites

Ensure that you know which domains are configured in which site files, in particular make sure that you do not include servers for multiple domains in the same file.
To do this, look through your enabled site files under /etc/nginx/sites-enabled to find relevant server entries. While you’re there, you might want to note any certificates which are already used by those server entries; those will be the lines starting with ssl_certificate.

If you need to reorganize your site files, remember that their actual location must be in the /etc/nginx/sites-available path. To enable a site /etc/nginx/sites-available/example, create a symlink in the /etc/nginx/sites-enabled path with
ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
and to disable a site, remove it from the /etc/nginx/sites-enabled path with
rm /etc/nginx/sites-enabled/example.com

Generating certificates with Certbot

Once your sites are organized in a way that each domain has its own file, generate certificates for each domain and its subdomains with
sudo certbot --nginx -d example.com -d www.example.com

This will generate a new certificate if needed and update the site file accordingly.

Adam Fisher / fisher king (@therightstuff)

Written by Adam Fisher / fisher king (@therightstuff)

659 Followers

Software developer and writer of words, currently producing a graphic novel adaptation of Shakespeare's Sonnets! See http://therightstuff.bio.link for details.

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams