Add New Domain running on a MEAN stack to an Existing Certificate for a WordPress website

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.haslv.com

I ran this command:
DOMAIN=haslv.com
WILDCARD=*.$DOMAIN
sudo certbot --expand -d haslvapps.com -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/haslv.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/haslv.com/privkey.pem
    Your cert will expire on 2021-05-01.

My web server is (include version): ???

The operating system my web server runs on is (include version): Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-1102-aws x86_64)

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

I am trying to add the domain (haslvapps.com) to the existing certificate. The domain haslv.com is on the certificate and shows as secure; however, the haslvapps.com domain is not secure. Can you tell me how to solve this?

2 Likes

Hello :slightly_smiling_face:

Did you remember to restart your webserver after acquiring the new certificate?

sudo apachectl -k graceful

1 Like

Do they need to be on the same cert?
Can you show the output of:
certbot certificates

And as @griffin already suggested, have you restarted the web server since you ran that command?

UPDATE:
Did you manage to resolve this problem?
If so, how?
[and then please also mark a response as the solution]

2 Likes

Yes, I have restarted the apache server.

2 Likes

They do not have to be on the same certificate. Here is the output you requested:

bitnami@ip-172-26-13-6:~ certbot certificates
The following error was encountered:
[Errno 13] Permission denied: '/var/log/letsencrypt/.certbot.lock'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
bitnami@ip-172-26-13-6:~ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: haslv.com
Domains: haslvapps.com *.haslv.com haslv.com
Expiry Date: 2021-05-01 05:27:04+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/haslv.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/haslv.com/privkey.pem
Certificate Name: haslvapps.com
Domains: haslvapps.com *.haslvapps.com
Expiry Date: 2021-05-01 03:57:01+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/haslvapps.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/haslvapps.com/privkey.pem


2 Likes

Run that again in a little while to see if the lock problem persists:

3 Likes

Sorry, I clipped off the top part of the output you requested. First, I ran "certbot certificates" w/o sudo, therefore got the permissions error. Immediately after, I ran it with sudo and the output was:

$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: haslv.com
Domains: haslvapps.com *.haslv.com haslv.com
Expiry Date: 2021-05-01 05:27:04+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/haslv.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/haslv.com/privkey.pem
Certificate Name: haslvapps.com
Domains: haslvapps.com *.haslvapps.com
Expiry Date: 2021-05-01 03:57:01+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/haslvapps.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/haslvapps.com/privkey.pem


4 Likes

OK that makes sense.
At first glance, I would say that you don't really need the "haslvapps.com" name on the first cert.
And it can be removed (by hand - LOL).
[since it is already in the second cert]

OR
You can replace both certs with one and have all four names on it:
haslv.com *.haslv.com haslvapps.com *.haslvapps.com

2 Likes
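Added example, not part of the original thread or of Certbot: a small Python parser for the `certbot certificates` listing above that reports which lineage covers a given hostname and which names appear on more than one certificate. The function names are illustrative, and the wildcard rule assumed is the usual one (`*` matches exactly one left-most label).

```python
# Listing copied from the `sudo certbot certificates` output in the thread.
LISTING = """\
Found the following certs:
Certificate Name: haslv.com
Domains: haslvapps.com *.haslv.com haslv.com
Expiry Date: 2021-05-01 05:27:04+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/haslv.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/haslv.com/privkey.pem
Certificate Name: haslvapps.com
Domains: haslvapps.com *.haslvapps.com
Expiry Date: 2021-05-01 03:57:01+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/haslvapps.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/haslvapps.com/privkey.pem
"""

FIELDS = {"Domains": "domains", "Certificate Path": "fullchain",
          "Private Key Path": "privkey"}

def parse_certificates(text):
    """Map each lineage (Certificate Name) to its domains and file paths."""
    certs, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if key == "Certificate Name" and sep:
            current = certs.setdefault(value, {})
        elif key in FIELDS and current is not None:
            current[FIELDS[key]] = value.split() if key == "Domains" else value
    return certs

def name_matches(pattern, hostname):
    """Certificate name matching: '*' stands for exactly one left-most label."""
    pattern, hostname = pattern.lower(), hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        first, _, rest = hostname.partition(".")
        return bool(first) and rest == pattern[2:]
    return pattern == hostname

def lineages_covering(certs, hostname):
    """Lineages whose name list covers hostname, in listing order."""
    return [name for name, cert in certs.items()
            if any(name_matches(d, hostname) for d in cert.get("domains", []))]

def duplicated_names(certs):
    """Names listed verbatim on more than one lineage."""
    seen = {}
    for name, cert in certs.items():
        for d in cert.get("domains", []):
            seen.setdefault(d, []).append(name)
    return {d: names for d, names in seen.items() if len(names) > 1}
```

On this listing, haslvapps.com is covered by both lineages, while www.haslvapps.com is covered only by the haslvapps.com one, so a virtual host for the app would reference the files under /etc/letsencrypt/live/haslvapps.com/.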

Is there something missing here? haslv.com is a WordPress site and it is secure. I had to use the Really Simple SSL plugin to integrate the SSL certificate with WordPress. Is there something similar needed to integrate the MEAN stack application (haslvapps.com) with the certificate as well?

2 Likes

If you have already got the certs and they are renewing automatically, the worst is over.
[that was the hardest part]

Using the certs is up to the application.
If WordPress is happy, leave that alone.
If the MEAN (guy) is unhappy, then you might do well by reviewing how it handles certs.
[not sure if any MEAN experts listen in on this forum - I'd try searching online for best MEAN help]

3 Likes

Everyone keep in mind that this is a Bitnami stack.

3 Likes

1. Installed bncert-tool on the mean-stack instance.
2. Used bncert-tool to apply the redirection for http and https. The Default Virtual Host section is modified for both http and https redirection by bncert-tool.
3. Created two virtual hosts for the application, one for http and one for https. The default virtual host file references the additional app dependent virtual host files. These virtual files tell apache where the application resides and the port the application uses. This enables me to run multiple apps, each on their own port.

3 Likes

Sounds beautiful! :grinning: Well done!

2 Likes