2 domains one path using ServerAlias

relipse · March 18, 2022, 2:48am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ein.world

I ran this command: nothing yet

It produced this output:n/a

My web server is (include version): Debian Apache 2

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.31.0

Hi, I set up my site like so:
2 <VirtualHost *:443>
3 ServerAdmin webmaster@eingame.cc
4 ServerName eingame.cc
5 ServerAlias www.eingame.cc
6 ServerAlias ein.world
7 ServerAlias www.ein.world
8
9 # Indexes + Directory Root.
10 DocumentRoot /home/eingame/public_html
11 DirectoryIndex index.php
12
13 <Directory /home/eingame/public_html>
14 Options Indexes FollowSymLinks
15 AllowOverride All
16 Require all granted
17

and
31 Include /etc/letsencrypt/options-ssl-apache.conf
32 SSLCertificateFile /etc/letsencrypt/live/eingame.cc/fullchain.pem
33 SSLCertificateKeyFile /etc/letsencrypt/live/eingame.cc/privkey.pem

But how do I get a ssl cert for ein.world since it is already set up as eingame.cc?

webprofusion · March 18, 2022, 2:55am

Your certificate can cover up to 100 subject alternative names (SAN), this means one cert file can cover up to 100 domains or subdomains (or it can even include multiple wildcards etc). To get a cert for multiple domains you would run certbot with the list of domains your site is known by.

rg305 · March 18, 2022, 4:42am

certbot --apache -d ein.world

But you should also consider adding the "www" to that command:
certbot --apache -d ein.world -d www.ein.world

That said, you should be informed that LE prefers IPv6 (over IPv4) when present.
And, in this case, it is present:

Name:      ein.world
Addresses: 2600:3c00::f03c:91ff:feb0:1b5b
           198.58.105.195

But IPv6 fails to reach the site (as IPv4 does):

curl -6I ein.world
HTTP/1.1 403 Forbidden

curl -4I ein.world
HTTP/1.1 200 OK

relipse · March 18, 2022, 8:48pm

I tried doing this, and it works for http://ein.world but now my https://eingame.cc doesn't have a valid certificate.

How do I get both https://ein.world AND https://eingame.cc at the same time?

Keep in mind my apache file looks like this:
20:48 /etc/apache2/sites-enabled (master)$ cat eingame.cc-le-ssl.conf

ServerAdmin webmaster@eingame.cc ServerName eingame.cc ServerAlias www.eingame.cc ServerAlias ein.world ServerAlias www.ein.world
    # Indexes + Directory Root.
    DocumentRoot /home/eingame/public_html
    DirectoryIndex index.php

    <Directory /home/eingame/public_html>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
    </Directory>

    <IfModule mod_php5.c>
            AddType application/x-httpd-php .php

            php_flag magic_quotes_gpc Off
            php_flag track_vars On
            php_flag register_globals Off
            php_value include_path .
    </IfModule>

    # Logfiles
    ErrorLog  /home/eingame/logs/error.log
    CustomLog /home/eingame/logs/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/ein.world/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ein.world/privkey.pem

<VirtualHost *:80>
ServerAdmin webmaster@eingame.cc
ServerName eingame.cc
ServerAlias www.eingame.cc
    # Indexes + Directory Root.
    DocumentRoot /home/eingame/public_html
    DirectoryIndex index.php

    <Directory /home/eingame/public_html>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
    </Directory>

    <IfModule mod_php5.c>
            AddType application/x-httpd-php .php

            php_flag magic_quotes_gpc Off
            php_flag track_vars On
            php_flag register_globals Off
            php_value include_path .
    </IfModule>

    # Logfiles
    ErrorLog  /home/eingame/logs/error.log
    CustomLog /home/eingame/logs/access.log combined
RewriteEngine on

Some rewrite rules in this file were disabled on your HTTPS site,

because they have the potential to create redirection loops.

RewriteCond %{SERVER_NAME} =eingame.cc [OR]

RewriteCond %{SERVER_NAME} =www.eingame.cc

RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

rg305 · March 18, 2022, 9:08pm

That's another question [which you should have asked up front].
To that end, are there any more sites you want to also get a cert for?

In the meantime, if you want them on the same cert, add the sites to the list of names on the request command:
certbot --apache -d site.1 -d site.2 -d site.3 -d ...

But that doesn't seem like the right way to go; as the sites are not in the same vhost.
So, I would, get them separately:
certbot --apache -d site.1 -d www.site.1
certbot --apache -d site.2 -d www.site.2
certbot --apache -d site.3 -d www.site.3

system · April 17, 2022, 9:09pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.