Hello! On Mon, Jun 03, 2019 at 05:42:22AM -0400, devCU wrote:
> The following works as advertised in my vhost server block > > ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; > ssl_certificate_key > /etc/letsencrypt/live/mydomain.com/privkey.pem; > ssl_trusted_certificate > /etc/letsencrypt/live/mydomain.com/chain.pem; > > To better automate vhosts en mass I tried using the $server_name variable > > server_name mydomain.com; > > ssl_certificate /etc/letsencrypt/live/$server_name/fullchain.pem; > ssl_certificate_key > /etc/letsencrypt/live/$server_name/privkey.pem; This is generally a bad change. You shouldn't use variables just to save you from writing the same name in the appropriate directives. See here for a detailed explanation and suggestions: http://nginx.org/en/docs/faq/variables_in_config.html > ssl_trusted_certificate > /etc/letsencrypt/live/$server_name/chain.pem; This is not goint to work, as the ssl_trusted_certificate directive does not support variables. [...] > If ssl_certificate and ssl_certificate accept the $server_name variable then > how come ssl_trusted_certificate doesn't? Variables support in ssl_certificate and ssl_certificate_key directives address a specific use case when one cannot write a static configuration with pre-existing certificates - e.g., when certificates are added on a regular basis, and it is not possible to reload nginx configuration with such a rate. Such use case is unlikely to be applicable to ssl_trusted_certificate, and hence there are no plans to add variables support to the ssl_trusted_certificate directive. -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
