A little help please

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: prs-calarasi.ro

I ran this command: --------

It produced this output: ---------

My web server is (include version): www.prs-calarasi.ro

The operating system my web server runs on is (include version): nginx version: nginx/1.18.0 (Ubuntu)

My hosting provider, if applicable, is: no

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

I created the certificate www.prs-calarasi.ro
can I create the prs-calarasi.ro domain in the same certificate?
if yes, what is the order?
because www.prs-calarasi.ro presents the certificate but prs-calarasi.ro does not have the certificate

Existing certs cannot be modified. But, you can get a new cert with both names by just naming both domains in the command. If you had shown your command I could give example.

But, your DNS has those two domains pointing to different servers. You need to fix that first.

The IP of is for an Apache server. The other IP is nginx.

nslookup prs-calarasi.ro

nslookup www.prs-calarasi.ro

Amsterdam, Netherlands
Paris, France
Online S.A.S.
Almeria, Spain
Vodafone Ono S.A.
Zizers, Switzerland
Oskar Emmenegger

it is fixed from the DNS zone but has not yet propagated everywhere

it's only the nginx server that I need the certificate for
I still don't need the apache one for this domain
the apache one I will issue mail.prs-calarasi.ro but later

nslookup www.prs-calarasi.ro
nslookup prs-calarasi.ro

You need to check your authoritative DNS because I still see 2 IP addresses for it (Apache and nginx)

See this test site which uses a method similar to the Let's Encrypt Servers which look at your authoritative DNS


from Holland it looks like this nslookup
nslookup prs-calarasi.ro

Non-authoritative answer:
Name: prs-calarasi.ro
Name: prs-calarasi.ro

as a rule
but i need only for nginx
nginx only ip
apache only
www.prs-calarasi.ro to be the same as prs-calarasi.ro

now i removed the apache server

No. You cannot have two different IP's pointing to two different servers (nginx and Apache)

Right now prs-calarasi.ro has those two and www.prs-calarasi.ro has just nginx

If you want apache for some other domain name, you set its IP on that new name not in the apex prs-calarasi.ro

And, the unboundtest uses your authoritative DNS servers so looking up with that method does not depend on where you lookup or the propagation.

Another way:

 dig +noall +answer A prs-calarasi.ro @prs-calarasi.ro
prs-calarasi.ro.        604800  IN      A
prs-calarasi.ro.        604800  IN      A
dig +noall +answer A www.prs-calarasi.ro @prs-calarasi.ro
www.prs-calarasi.ro.    604800  IN      A

ALSO, you have some DNS config issues you should review and correct. See below


OK. Now reissue your original command with both domain names. If nginx is configured properly for both names you should get a cert with both names.

but, do review the DNSViz site I linked. Your DNS has some issues


I see someone here

Let's Encrypt does not rely on that kind of propagation as it uses your authoritative DNS. Please research more about how DNS works.


certbot certonly --non-interactive --agree-tos --nginx -m leo@tvnl.eu -d www.prs-calarasi.ro -d prs-calarasi.ro

is this the command to link the two domains?
actually this was my initial question
how can I link the two www and http domains

1 Like

The Internet can't resolve the authoritative DNS servers correctly:

prs-calarasi.ro nameserver = ns1.tvnl.eu

prs-calarasi.ro nameserver = prs-calarasi.ro

That is the right certbot command.
But you have to fix the DNS issue first.


Yes, that looks good and I would have said so if you had shown the command you used earlier :slight_smile:

But, as both Rudy and I have noted, you still have DNS issues to resolve so that you have a reliable system


Also, using a single authoritative DNS server is NOT a good idea.


no, the configuration is like that
vps static ip
two installed domains tvnl.eu and prs-calarasi.ro
on the server with static ip are the mail servers
on servers there are websites and other databases
dns configuration is on vps

ns1.tvnl.eu it is the same with ns.prs-calarasi.ro

certbot certonly --non-interactive --agree-tos --nginx -m leo@tvnl.eu -d www.prs-calarasi.ro -d prs-calarasi.ro
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Missing command line flag or config entry for this setting:
You have an existing certificate that contains a portion of the domains you requested (ref: /etc/letsencrypt/renewal/www.prs-calarasi.ro.conf)

It contains these names: www.prs-calarasi.ro

You requested these names for the new certificate: www.prs-calarasi.ro, prs-calarasi.ro.

Do you want to expand and replace this existing certificate with the new certificate?

(You can set this with the --expand flag)
Ask for help or search for solutions at https://community.letsencrypt.org.

curious now it works
I mention that I did not make any changes
website www.prs-calarasi.ro is the same as prs-calarasi.ro
both have a certificate

What does this show?

certbot certificates