
$host_name variable in SSL certificate path in Nginx [closed]

Tags: nginx, ssl

I'm trying to set up a default server in nginx with SSL. The path to the SSL certificate should contain the site name, something like this:

server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate ssl/$host_name/fullchain.pem;
    ssl_certificate_key ssl/$host_name/privkey.pem;

and it doesn't work. The error log shows:

cannot load certificate "/etc/nginx/ssl//fullchain.pem"

If I print this variable in headers with add_header XX "$http_host"; it shows the proper site name. Is there any way to use the site name in the certificate path? There are a lot of sites on my server with a typical config, so it's better for me to have just one config. The Nginx version is 1.18, and if I manually define some variable and put it in the ssl_certificate parameter, everything works fine.

asked Nov 18 '25 23:11 by Belomor


1 Answer

You need to use $ssl_server_name instead of $host_name or $host - see an example in the docs. You see, the certificate is required before the client sends its HTTP request, so at that time $host_name and $host are not defined.

But as those docs say,

Note that using variables implies that a certificate will be loaded for each SSL handshake, and this may have a negative impact on performance.

So it's probably better to generate config files with fixed server names (and fixed certificate paths) for all your servers (using some kind of template).

answered Nov 21 '25 07:11 by Roman
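One way to do the template generation the answer recommends, as an added example that is not part of the original question or answer: a shell generator that writes one server block with fixed certificate paths per site. It assumes the question's layout of `<ssl_root>/<sitename>/fullchain.pem` and `privkey.pem`; the function names and the output directory are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original thread): emit one fixed-path server
# block per certificate directory instead of using a variable in the path.
# Assumed layout: <ssl_root>/<site>/fullchain.pem and <ssl_root>/<site>/privkey.pem

# Print a server block for one site with literal certificate paths.
render_vhost() {
    vh_site=$1; vh_root=$2
    cat <<EOF
server {
    listen 80;
    listen 443 ssl;
    server_name $vh_site;
    ssl_certificate     $vh_root/$vh_site/fullchain.pem;
    ssl_certificate_key $vh_root/$vh_site/privkey.pem;
}
EOF
}

# Accept only plain DNS hostnames, so a stray directory name cannot inject
# config syntax (spaces, ';', '{') into the generated file.
valid_hostname() {
    case $1 in
        ''|.*|*.|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Write <out_dir>/<site>.conf for every directory that holds both PEM files.
# Skipped directories are reported on stderr; the count is printed on stdout.
generate_vhosts() {
    ssl_root=$1; out_dir=$2; count=0
    mkdir -p "$out_dir"
    for dir in "$ssl_root"/*/; do
        [ -d "$dir" ] || continue
        site=$(basename "$dir")
        valid_hostname "$site" || { echo "skip (bad name): $site" >&2; continue; }
        [ -f "$dir/fullchain.pem" ] && [ -f "$dir/privkey.pem" ] ||
            { echo "skip (missing cert or key): $site" >&2; continue; }
        render_vhost "$site" "$ssl_root" > "$out_dir/$site.conf"
        count=$((count + 1))
    done
    echo "$count"
}

# Usage: script.sh <ssl_root> <out_dir>
if [ "$#" -eq 2 ]; then generate_vhosts "$1" "$2"; fi
```

Include the generated files from the main configuration and run `nginx -t` before reloading, so a bad block is caught while the running configuration is still intact.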