子域在https上提供主要域内容

Question

我有一个拥有主域名和子域名的网站。我用nginx。在主域上，我有https，在子域上没有。但是，https://sub.domain.com正在提供domain.com的内容，并带有浏览器警告

到目前为止，我尝试在Nginx中调整我的conf效果并不顺利。

这是sub.domain.com的nginx conf文件：

server {
        listen 80;
        server_name sub.domain.com;

        root /var/www/sub/;
        index index.php;

        access_log /var/log/nginx/sub_http_access.log combined;
        error_log /var/log/nginx/sub_http_error.log;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

         location ~ \.php(?:$|/) {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_pass php-handler-http;
                fastcgi_read_timeout 60s;
        }

        location ~* \.(htaccess|htpasswd) {
                deny all;
        }

        # set long EXPIRES header on static assets
        location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
                expires 30d;
                access_log off;
        }

}

这是domain.com的nginx conf：

upstream php-handler-http {
        server 127.0.0.1:9000;
        #server unix:/var/run/php5-fpm.sock;
}

server {
        server_name domain.com;

        root /var/www/html/;
        index index.php;

        # set max upload size
        client_max_body_size 2G;
        fastcgi_buffers 64 4K;

        access_log /var/log/nginx/wordpress_http_access.log combined;
        error_log /var/log/nginx/wordpress_http_error.log;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

        location / {
                try_files $uri $uri/ /index.php?$args ;
        }

        location ~* \.(htaccess|htpasswd) {
                deny all;
        }

        location ~ \.php(?:$|/) {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_pass php-handler-http;
                fastcgi_read_timeout 60s;
        }

        # set long EXPIRES header on static assets
        location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
                expires 30d;
                access_log off;
        }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
                if ($host = sub.domain.com) {
                return 301 http://$host$request_uri;
    }


        if ($host = domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen 443 ssl;
        server_name 8.8.8.8;
        return 301 $scheme://domain.com$request_uri;


}

我希望https://sub.domain.com不能提供主要的网站内容，并且不能重定向到http://sub.domain.com的301