Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: prs-calarasi.ro
I ran this command: --------
It produced this output: ---------
My web server is (include version): www.prs-calarasi.ro
The operating system my web server runs on is (include version): nginx version: nginx/1.18.0 (Ubuntu)
My hosting provider, if applicable, is: no
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0
I created the certificate www.prs-calarasi.ro
can I create the prs-calarasi.ro domain in the same certificate?
if yes, what is the order?
because www.prs-calarasi.ro presents the certificate but prs-calarasi.ro does not have the certificate
Existing certs cannot be modified. But, you can get a new cert with both names by just naming both domains in the command. If you had shown your command I could give example.
But, your DNS has those two domains pointing to different servers. You need to fix that first.
The IP of 217.79.185.18 is for an Apache server. The other IP is nginx.
Amsterdam, Netherlands
OpenTLD BV 217.79.185.18
145.53.227.236
Paris, France
Online S.A.S. 145.53.227.236
Almeria, Spain
Vodafone Ono S.A. 145.53.227.236
Zizers, Switzerland
Oskar Emmenegger 145.53.227.236
it is fixed from the DNS zone but has not yet propagated everywhere
it's only the nginx server that I need the certificate for
I still don't need the apache one for this domain
the apache one I will issue mail.prs-calarasi.ro but later
No. You cannot have two different IP's pointing to two different servers (nginx and Apache)
Right now prs-calarasi.ro has those two and www.prs-calarasi.ro has just nginx
If you want apache for some other domain name, you set its IP on that new name not in the apex prs-calarasi.ro
And, the unboundtest uses your authoritative DNS servers so looking up with that method does not depend on where you lookup or the propagation.
Another way:
dig +noall +answer A prs-calarasi.ro @prs-calarasi.ro
prs-calarasi.ro. 604800 IN A 145.53.227.236
prs-calarasi.ro. 604800 IN A 217.79.185.18
dig +noall +answer A www.prs-calarasi.ro @prs-calarasi.ro
www.prs-calarasi.ro. 604800 IN A 145.53.227.236
no, the configuration is like that
vps static ip 217.79.185.18
two installed domains tvnl.eu and prs-calarasi.ro
on the server with static ip 217.79.185.18 are the mail servers
on servers 145.53.227.236 there are websites and other databases
dns configuration is on vps
certbot certonly --non-interactive --agree-tos --nginx -m leo@tvnl.eu -d www.prs-calarasi.ro -d prs-calarasi.ro
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Missing command line flag or config entry for this setting:
You have an existing certificate that contains a portion of the domains you requested (ref: /etc/letsencrypt/renewal/www.prs-calarasi.ro.conf)
It contains these names: www.prs-calarasi.ro
You requested these names for the new certificate: www.prs-calarasi.ro, prs-calarasi.ro.
Do you want to expand and replace this existing certificate with the new certificate?