Adding a second domain to a certificate


#1

I have a WordPress multisite setup using Trellis and Bedrock. The point of this website means that it involves adding new domain names on a regular basis. I do this by adding the new domain name, for example domain2.com, to the wordpress_sites.yml file like this:

site_hosts:
  - domain1.com
  - domain2.com

I use Let’s Encrypt for SSL certificates, which worked like a charm for the initial domains – but not for the domains I added later. At first I got an error when running ansible-playbook server.yml -e env=production that the DNS record should point to the webserver (which it already did), but I solved that by setting

ssl:
  enabled: false

Then I run ansible-playbook server.yml -e env=production, change it back to

ssl:
  enabled: true

And then I run ansible-playbook server.yml -e env=production again. I think the DNS Let’s Encrypt error stopped Nginx from updating the vhost. This way Let’s Encrypt had no way to reach the webserver to verify it.

After that verification worked like a charm and I got all greens when running the server playbook.

The problem is that Chrome returns a red lock saying the certificate is not valid for domain2.com. Yet it is still valid for domain1.com. Is this because there was already a certificate issued for the main domain? If so, how do I go about fixing this?


#2

You need either a cert with all the domains on or separate certs for each domain (only if they have separate vhosts).

If you used certbot for your original cert it can be replaced with one for both domains by using multiple -d flags and the --expand flag.


#3

Thank you for your quick response!

I think Trellis uses Acme Tiny to request the certificate. Can I use the same flags with that script?


#4

No, Acme Tiny requires a previously created CSR; this should have been done automatically by Trellis.

Do you have provider: letsencrypt after

ssl:
    enabled: false

#5

Yes it looks like this:

ssl:
  enabled: true
  provider: letsencrypt

Like I said, it works like a charm on the first domain, just adding a new domain doesn’t work.


#6

I think you need to open a ticket on the Trellis github account. It sounds like their system is not picking up the fact that you have added additional domains.

In the meantime, you could manually request the certificate.
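As an added example (not from the thread, Trellis or acme-tiny), this shell snippet does the manual step behind posts #2, #4 and #6: it builds a CSR whose subjectAltName lists every host in site_hosts, which is what an acme-tiny run needs to come back with one certificate covering both domains, and then reads the SAN list back out so you can confirm domain2.com is actually requested before you submit it. It assumes only the openssl CLI; the file names and the constructed host list are placeholders.

```shell
#!/bin/sh
# Added example: multi-domain CSR for acme-tiny plus a SAN coverage check.
set -eu

# gen_csr KEY CSR HOST... : new RSA key and CSR with every HOST in the SAN list.
# The first host is also used as the CN; the CN alone is not enough, browsers
# only honour subjectAltName, which is why a cert minted from an old CSR
# stays "not valid for domain2.com".
gen_csr() {
  key=$1; csr=$2; shift 2
  cn=$1
  alt=""
  for h in "$@"; do alt="${alt:+$alt,}DNS:$h"; done
  cfg=$(mktemp)
  cat > "$cfg" <<EOF
[req]
distinguished_name = dn
req_extensions = ext
prompt = no
[dn]
CN = $cn
[ext]
subjectAltName = $alt
EOF
  openssl req -new -newkey rsa:2048 -nodes -keyout "$key" -out "$csr" \
    -config "$cfg" 2>/dev/null
  rm -f "$cfg"
}

# csr_sans CSR : print each DNS name in the CSR's subjectAltName, one per line.
csr_sans() {
  openssl req -in "$1" -noout -text | grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# csr_covers CSR HOST : succeed only if HOST is an exact SAN entry of CSR.
csr_covers() {
  csr_sans "$1" | grep -qx "$2"
}

# Demo with the two constructed hosts from the thread; files go to a temp dir.
WORK=$(mktemp -d)
gen_csr "$WORK/site.key" "$WORK/site.csr" domain1.com domain2.com
echo "SAN entries requested by $WORK/site.csr:"
csr_sans "$WORK/site.csr"
```

The resulting site.csr is the file you would hand to acme-tiny (alongside the account key) to replace the single-domain certificate; the same check also works on the issued certificate with `openssl x509 -in cert.pem -noout -text`.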


#7

Thank you, I’ll try to do that and open up a ticket.

