couzo
August 16, 2021, 8:41am
1
My domain is: daniellewisjj,com
I ran this command: certbot --apache
It produced this output: shows current domains with the wordpress multisite setup but not the new site addition
The operating system my web server runs on is (include version): Debian 10
My hosting provider, if applicable, is: Linode
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): 0.31.0
Short version hopefully. Setup Wordpress for multisite use with domains dlmdesigns.co.uk then the multisites are daniellewisjj.uk , inmotionbucks.uk , thegrapplingaddict.com these all worked great and have ssl. They are associated with the dlmdesigns.co.uk website as their cert issued to.
However I transferred in daniellewisjj.com and would like the replace daniellewisjj.uk with the .com version. However I cannot seemingly add the .com
When I run certbot --apache I get the other 4 domains listed but not the daniellewisjj.com one. It currently has it's own wordpress site with the initial hello world content so it is active.
Any help on this would be great.
rg305
August 16, 2021, 10:00am
2
Hi @couzo , and welcome to the LE community forum
Sounds like a typical Apache/WordPress
... confusion.
Start with the output of:
sudo apachectl -t -D DUMP_VHOSTS
couzo
August 16, 2021, 1:30pm
3
Thanks for the welcome @rg305
That outputs
VirtualHost configuration:
*:443 85.159.210.215 (/etc/apache2/sites-enabled/wordpress-le-ssl.conf:2)
*:80 85.159.210.215 (/etc/apache2/sites-enabled/wordpress.conf:6)
1 Like
rg305
August 17, 2021, 3:04am
4
We should have a look at those two files.
couzo
August 17, 2021, 7:12am
5
wordpress.conf
<Directory /var/www/wordpress/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<VirtualHost *:80>
ServerName 85.159.210.215
ServerAdmin webmaster@localhost
DocumentRoot /var/www/wordpress/
ErrorLog /var/log/apache2/wordpress/error.log
CustomLog /var/log/apache2/wordpress/access.log combined
<files xmlrpc.php>
order allow,deny
deny from all
</files>
RewriteEngine on
RewriteCond %{SERVER_NAME} =daniellewisjj.uk [OR]
RewriteCond %{SERVER_NAME} =85.159.210.215 [OR]
RewriteCond %{SERVER_NAME} =thegrapplingaddict.com [OR]
RewriteCond %{SERVER_NAME} =dlmdesigns.co.uk [OR]
RewriteCond %{SERVER_NAME} =inmotionbucks.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
wordpress-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName 85.159.210.215
ServerAdmin webmaster@localhost
DocumentRoot /var/www/wordpress/
ErrorLog /var/log/apache2/wordpress/error.log
CustomLog /var/log/apache2/wordpress/access.log combined
<files xmlrpc.php>
order allow,deny
deny from all
</files>
ServerAlias dlmdesigns.co.uk
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias inmotionbucks.uk
ServerAlias thegrapplingaddict.com
ServerAlias daniellewisjj.uk
SSLCertificateFile /etc/letsencrypt/live/dlmdesigns.co.uk/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/dlmdesigns.co.uk/privkey.pem
</VirtualHost>
</IfModule>
rg305
August 17, 2021, 7:50am
6
The secured config seems to use four names; but not the one you are looking for:
Please show:
certbot certificates
to better understand where, and how, to place the missing name.
While the HTTP config doesn't use any names at all.
But because it is the only HTTP config, it will be the default used when a name is not exactly matched.
couzo
August 17, 2021, 7:56am
7
Found the following certs:
Certificate Name: dlmdesigns.co.uk
Domains: dlmdesigns.co.uk daniellewisjj.uk inmotionbucks.uk thegrapplingaddict.com
Expiry Date: 2021-11-13 18:51:07+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/dlmdesigns.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/dlmdesigns.co.uk/privkey.pem
I setup these sites up with the wp multisites process first and want to add the daniellewisjj.com after these if that helps at all.
rg305
August 17, 2021, 8:21am
8
Step #1: Replace that cert with one that has all the names on it.
This may require:
fixing WordPress to serve the missing site (at least via HTTP)
OR
running certbot
without --apache
and in a way that can get all the names on one cert
I would choose the second option... but I'm not much into pressing words.
couzo
August 17, 2021, 8:45am
9
I will try the second option. Sorry could you clarify what you mean by run certbot without --apache?
couzo
August 17, 2021, 8:48am
10
I am wondering if it would be better to remove the certificates and start again?
couzo
August 17, 2021, 8:48am
11
I ran cerbot and got the same list of names.
rg305
August 17, 2021, 8:49am
12
OK.
As a test, I would start with something like:
certbot certonly \
--cert-name all-sites \
--webroot -w /var/www/wordpress \
-d "daniellewisjj.com,daniellewisjj.uk,dlmdesigns.co.uk,inmotionbucks.uk,thegrapplingaddict.com" \
--dry-run
[add any domains that I might have missed]
couzo
August 17, 2021, 8:51am
13
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for daniellewisjj.com
http-01 challenge for daniellewisjj.uk
http-01 challenge for dlmdesigns.co.uk
http-01 challenge for inmotionbucks.uk
http-01 challenge for thegrapplingaddict.com
Using the webroot path /var/www/wordpress for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
The dry run was successful.
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
rg305
August 17, 2021, 8:51am
14
You missed the fine print :
rg305
August 17, 2021, 8:54am
15
BINGO!
Now just remove the --dry-run
to get a new cert with all those names on it.
[note: It has a new cert name ("all-sites") and will create a new cert path - which we will have to switch to in the file: /etc/apache2/sites-enabled/wordpress-le-ssl.conf
]
Then after we switch to the new cert, we can delete the old cert.
Do you know how to edit a file?
couzo
August 17, 2021, 8:56am
16
Great so I need to run
certbot certonly \
--cert-name all-sites \
--webroot -w /var/www/wordpress \
-d "daniellewisjj.com,daniellewisjj.uk,dlmdesigns.co.uk,inmotionbucks.uk,thegrapplingaddict.com"
Then edit the wordpress-le-ssl.conf
couzo
August 17, 2021, 8:57am
17
Yes I kind of go old (Simple) school my editing and do it notepad style but I can do it.
1 Like
rg305
August 17, 2021, 8:57am
18
remove the --dry-run
and the trailing "\" in the line above it.
but yes and yes.
One step at a time.
Get the new cert.
Then show the output of:
certbot certificates
couzo
August 17, 2021, 8:59am
19
Obtaining a new certificate
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/all-sites/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/all-sites/privkey.pem
Your cert will expire on 2021-11-15. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
"certbot renew"
If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation
1 Like
rg305
August 17, 2021, 9:00am
20
There should be two certs now.