Adding a domain without mail but need an SSL Certificate

So I’ve a domain example[.]com hosted on my MIAB server. I’ve a mail server for the same.
Now I am hosting another application on port 8000 on the same server and have added in the nginx conf the following -

server {
	listen 80;
	server_name myapp[.]example[.]com;
	# redirect all HTTP to HTTPS
	return 301 https[://]$host$request_uri;
}

server {
	listen 443 ssl;
	server_name myapp[.]example[.]com;

	ssl_certificate /etc/letsencrypt/live/myapp[.]example[.]com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/myapp[.]example[.]com/privkey.pem;
	ssl_session_timeout 1d;
	ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
	ssl_session_tickets off;
	ssl_protocols TLSv1.3;
	ssl_prefer_server_ciphers off;

	# HSTS (ngx_http_headers_module is required) (63072000 seconds)
	# Uncomment if desired
	#add_header Strict-Transport-Security "max-age=63072000" always;

	ssl_stapling on;
	ssl_stapling_verify on;

	client_max_body_size 0;
	proxy_read_timeout 300;

	location / {
		include proxy_params;
		proxy_pass http[://]127.0.0.1:8000;
	}
}

Now I’ve got the cert for the myapp subdomain using certbot on the same machine.
I’ve also added a DNS entry with myapp[.]example[.]com in the Custom DNS section of MIAB.

But whenever I open myapp[.]example[.]com it shows certificate invalid and when I check the certificate it shows the certificate for box[.]example[.]com, hence the error. Like this -

P.S. I’ve to add [] to links as new users can’t post links.
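
The symptom described in the post above (the server answering for myapp.example.com with the certificate issued for box.example.com) can be confirmed from any client by asking for the certificate with a specific SNI name and comparing its SAN entries. This is an added example, not part of the original thread; the function names and the sample SAN list are constructed for illustration.

```python
import socket
import ssl
import sys

# Constructed sample: the SAN list of a certificate issued only for the box hostname.
SAMPLE_BOX_SANS = ["box.example.com"]


def name_matches(hostname: str, pattern: str) -> bool:
    """Match a hostname against one SAN dNSName entry.

    A wildcard is honoured only as the entire left-most label and never
    directly under a top-level domain.
    """
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def covering_names(hostname: str, san_names: list[str]) -> list[str]:
    """SAN entries that cover hostname; an empty list means a name-mismatch error."""
    return [n for n in san_names if name_matches(hostname, n)]


def presented_sans(address: str, sni: str, port: int = 443) -> list[str]:
    """DNS SANs of the certificate the server presents for this SNI name.

    The chain is still verified against the system trust store; only the
    hostname check is disabled so a mismatching certificate can be inspected.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((address, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python check_sni.py <server address> <hostname to test>
    address, name = sys.argv[1], sys.argv[2]
    sans = presented_sans(address, name)
    print("presented SANs:", sans)
    print("covers", name, "->", covering_names(name, sans) or "NO MATCH")
```

If the SAN list printed for the subdomain contains only the box hostname, the TLS handshake is being answered with a different certificate than the one configured in the new `server` block.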

Hi. The quick answer is that your new myapp has crashed into MIAB. MIAB requires, and assumes nothing else touches, various ports and functions. If you take over those ports/functions (which you have) then MIAB and/or your app will break.

The cleanest option is to run MIAB on its own server, and put your myapp on a different box. Your MIAB can host (custom) DNS entries for the myapp server, but putting another web app on the same box is really pushing uphill.

It is “theoretically possible” to run another app on the same box, but it is not really practical. Just don’t - you’ll spend enormous amounts of your time tracking down conflicts between MIAB and myapp - and won’t get much support.

Would separating them onto different servers resolve this? :thinking:

Yes. That would be the sensible way - put each app on its own server, each server having its own address and its own subdomain.

(They could be virtual servers - that’s fine - but to make it easy, make each server independent, each with its own address and own name.)

I truly appreciate your thoughtful advice.