Redirection to https:// won't work when Let's Encrypt is enabled and hsts_include_subdomains is false

Hey,

In my wordpress_sites.yml I have the following site_hosts and ssl setup configured:

[code]
site_hosts:
  - canonical: example.com
    redirects:
      - www.example.com
ssl:
  enabled: true
  provider: letsencrypt
  hsts_include_subdomains: false
  hsts_preload: false
[/code]

When I run the playbook server.yml, the Ansible role letsencrypt generates an nginx server block inside letsencrypt-example.com.conf:

[code]
server {
    listen 80;
    server_name example.com www.example.com;

    # acme challenge location rules
}
[/code]

The exact same server_name is generated by wordpress-setup inside example.com.conf:

[code]
server {
    listen 80;
    server_name example.com www.example.com;

    # acme challenge + redirection location rules
}
[/code]

When opening http://example.com or http://www.example.com I only get the nginx default page, because in my case nginx uses the acme challenge server block instead of the redirection block.

Is nginx able to use both server blocks at the same time or is something wrong with my setup?

Thanks,
o1y

I believe this problem has the same root cause as this thread. Try removing letsencrypt-example.com.conf from the server, then run

sudo service nginx reload

That conf file is used temporarily for the letsencrypt role and is normally removed except in a few specific failure cases.

If your Trellis version already has the changes in roots/trellis#743 (added to prevent this problem), Trellis will remove letsencrypt-example.com.conf if you just run:

ansible-playbook server.yml -e env=production --tags wordpress
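The answer above boils down to: a stale letsencrypt-example.com.conf declares the same listen port and server_name as example.com.conf, and nginx only serves the first matching block it loads (the later one is reported as "conflicting server name ... ignored" by nginx -t). The script below is an added example, not Trellis or nginx code, for checking a sites-enabled directory for exactly that condition before reloading. The sample config files it builds under mktemp are constructed to mirror the two blocks from the post; the acme and redirect locations are placeholder comments, and nothing in it is a real path from a Trellis server.

```shell
#!/bin/sh
# Added example (not Trellis or nginx code): detect server_name values that
# are declared in more than one nginx conf file, and list leftover
# letsencrypt-*.conf files that the Trellis letsencrypt role normally removes.

# Print "<server_name> <file>" for every name in a single-line server_name
# directive found in DIR/*.conf (comments stripped; multi-line directives
# are not handled by this simple parser).
list_server_names() {
  dir="$1"
  for f in "$dir"/*.conf; do
    [ -f "$f" ] || continue
    sed 's/#.*//' "$f" \
      | awk -v file="$f" '
          $1 == "server_name" {
            for (i = 2; i <= NF; i++) {
              n = $i; sub(/;$/, "", n)
              if (n != "") print n, file
            }
          }'
  done
}

# Print, sorted, every server_name that appears in two or more files.
# nginx keeps only the first such block it loads and ignores the rest,
# which is how a leftover acme-only block can shadow the redirect block.
conflicting_server_names() {
  list_server_names "$1" \
    | sort -u \
    | awk '{ count[$1]++ } END { for (n in count) if (count[n] > 1) print n }' \
    | sort
}

# Print any letsencrypt-*.conf still present in DIR (expected: none once the
# certificate request has finished).
stale_letsencrypt_confs() {
  for f in "$1"/letsencrypt-*.conf; do
    [ -f "$f" ] && echo "$f"
  done
  return 0
}

# Constructed sample directory mirroring the post: the site's own conf, the
# stale Let's Encrypt conf with the identical server_name, and an unrelated
# site that must not be reported. Prints the directory path.
make_sample_dir() {
  d=$(mktemp -d)
  cat > "$d/example.com.conf" <<'EOF'
server {
    listen 80;
    server_name example.com www.example.com;
    # acme challenge location would go here
    # redirect to https would go here
}
EOF
  cat > "$d/letsencrypt-example.com.conf" <<'EOF'
server {
    listen 80;
    server_name example.com www.example.com;
    # acme challenge location only
}
EOF
  cat > "$d/other.conf" <<'EOF'
server {
    listen 80;
    server_name other.example; # unique, must not be reported
}
EOF
  echo "$d"
}

# Usage: sh check_nginx_conflicts.sh [/etc/nginx/sites-enabled]
# With no argument, runs against the constructed sample instead.
dir="${1:-$(make_sample_dir)}"
echo "Stale letsencrypt confs in $dir:"
stale_letsencrypt_confs "$dir"
echo "server_name values declared in more than one file:"
conflicting_server_names "$dir"
```

Run it against the real sites-enabled directory before `nginx -t && sudo service nginx reload`; if it reports anything, remove the stale file (or let the PR referenced above do it via the playbook) rather than reloading a config that nginx will only partly honour.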

Thanks @fullyint!

I added the mentioned PR to my Trellis setup, ran the playbook again, and the letsencrypt-example.com.conf was removed. Nice!
