How to redirect in nginx c www?

I read the question How to set up a redirect with www on without www + HTTPS with Nginx?
Like all correctly made, only it was global config rules, and I'm local to the specific user and domain. Running the file home/user/conf/web/snginx.conf
Have done so:
5a30c17a4a6fa297705535.png
Redirect http (www and www) work
Direct request https (without www) works
And only option https://www.domain.ru not working and says Your connection is not secure. The owner of www.domain.ru has their website configured improperly.

Probably a test certificate for that domain occurs BEFORE the redirect, hence the error and redirect to the case comes, but how to do can not understand.
June 10th 19 at 15:35
1 answer
June 10th 19 at 15:37
All just make multiple server { } for the desired domain and set up 301 there where you want.

# with http://nene.ru -> 301 to https://nene.ru
server {
 listen 242.24.144.84:80;
 server_name nene.ru;
 return 301 https://nene.ru$request_uri;
}

# with http://www.nene.ru -> 301 to https://nene.ru
server {
 listen 242.24.144.84:80;
 server_name www.nene.ru;
 return 301 https://nene.ru$request_uri;
}

# with https://www.nene.ru -> 301 to https://nene.ru
server {
 listen 242.24.144.84:http2 443 ssl;
 server_name www.nene.ru;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_certificate /etc/letsencrypt/live/nene.EN/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/nene.EN/privkey.pem;
...
 return 301 https://nene.ru$request_uri;
}

# The site itself https://nene.ru
server {
 listen 242.24.144.84:http2 443 ssl;
 server_name nene.ru;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_certificate /etc/letsencrypt/live/nene.EN/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/nene.EN/privkey.pem;
...
...
...
}
server_name www.nene.ru;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/letsencrypt/live/nene.EN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nene.EN/privkey.pem;

and the user will get a certificate error, because it is from another domain :) - Franz.Waters16 commented on June 10th 19 at 15:40
what if the certificate /etc/letsencrypt/live/nene.EN/fullchain.pem is SAN at the desired subdomain, for example the output

openssl x509 -in /etc/letsencrypt/live/nene.EN/fullchain.pem -noout -text -purpose


says in the box

X509v3 Subject Alternative Name:
 DNS:nene.ru, DNS:www.nene.ru


the use of

server_name www.nene.ru;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/letsencrypt/live/nene.EN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nene.EN/privkey.pem;


will not give error in browser - nikita.Schoen45 commented on June 10th 19 at 15:43

Find more questions by tags HTTPSNginx