The ssl_certificate directive from the http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate module - it has a server and an http context.
I have gone a little far while creating my config for autossl, multidomain (SAN) SSL within the same server { .... } block.
All of my config is under the same server block - for listen IP:80 and listen IP:443 too. Something like this :
=======================================================================================================
server {
listen IP:80;
listen IP:443;
server_name example.com www.example.com alias.com sub.example.com ;
ssl_certificate /path/to/cert/fullchain.pem;
ssl_certificate_key /path/tp/cert/privkey.pem;
if ( $scheme = \"http\" ) { return 301 https://$host$request_uri; }
}
=========================================================================================================
This works as long as I have a SAN cert. But, now, I want to add individual certs for each of the domains, aliases and subdomains above.
I need something like :
if ($host = "example.com") {
ssl_certificate /path/to/cert/examplecom.pem; ssl_certificate_key /path/tp/cert/examplecom.pem; if ( $scheme = \"http\" ) { return 301 https://$host$request_uri; }
}
if ($host = "alias.com") {
ssl_certificate /path/to/cert/aliascom.pem; ssl_certificate_key /path/tp/cert/aliascom.pem; if ( $scheme = \"http\" ) { return 301 https://$host$request_uri; }
}
But, the ssl_certificate directive does not have an if context. Hence, I am not able to write such a config.
I understand that I will have to anyways create a new server block per domain eventually.
But, is the above possible by tweaking something?
-Thank you!