Hi all,
First of all, sorry for the rather long post!
I did have a look through the forums on this particular issue I am having, which is how do I go about adding a new domain that's been added as an additional alias in the vhost config. The server is Apache based.
Both domains (existingdomain.com & newdomain.com) are publicly available, with DNS pointing to the same box they're hosted on.
With separate landing pages also working over http/https, but 301 redirects set up in the vhost for each.
I have tried:
certbot --expand -d existingdomain.com -d newdomain.com
sudo@Bot:/# certbot --expand -d existingdomain.com -d newdomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for existingdomain.com
tls-sni-01 challenge for newdomain.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. newdomain.com (tls-sni-01): urn:acme:error:dns :: DNS problem: SERVFAIL looking up CAA for newdomain.com
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: newdomain.com
Type: None
Detail: DNS problem: SERVFAIL looking up CAA for newdomain.com
sudo@Bot:/#
Or even trying with
certbot --webroot -w /path/to/existingdomain.com/html certonly -d existingdomain.com -d newdomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/existingdomain.com.conf)
It contains these names: existingdomain.com
You requested these names for the new certificate: existingdomain.com,
newdomain.com.
Do you want to expand and replace this existing certificate with the new
certificate?
(E)xpand/(C)ancel:
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for existingdomain.com
http-01 challenge for newdomain.com
Using the webroot path /home/webmaster/existingdomain.com for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. newdomain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://newdomain.com/.well-known/acme-challenge/SVBo3TUxlCgznZzNeJNYgrQdyKHl78C_OM4mve3EeF4 [213.142.225.76]: 500
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: newdomain.com
Type: unauthorized
Detail: Invalid response from
http://newdomain.com/.well-known/acme-challenge/SVBo3TUxlCgznZzNeJNYgrQdyKHl78C_OM4mve3EeF4
[213.142.225.76]: 500
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
sudo@Bot:/#
from: /var/log/letsencrypt/letsencrypt.log
2018-11-22 11:06:48,633:DEBUG:certbot.main:Root logging level set at 20
2018-11-22 11:06:48,634:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-11-22 11:06:48,634:DEBUG:certbot.main:certbot version: 0.10.2
2018-11-22 11:06:48,634:DEBUG:certbot.main:Arguments: ['--webroot', '-w', '/path/to/existingdomain.com/html', '-d', 'existingdomain.com', '-d', 'newdomain.com']
2018-11-22 11:06:48,635:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2018-11-22 11:06:48,635:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2018-11-22 11:06:48,635:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f110e8fa990>
Prep: True
2018-11-22 11:06:48,636:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f110e8fa990> and installer None
2018-11-22 11:06:48,639:DEBUG:certbot.main:Picked account: <Account(238a0839c7222adafe----------)>
2018-11-22 11:06:48,640:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2018-11-22 11:06:48,643:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org