Apache mod_md does not add new domain to existing certificate

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: elynceus.com

I ran this command:
I add a new subdomain (elynceus-server.elynceus.com), in httpd-ssl.conf file, to a certificate containing the main domain and 2 sub-domains
Restart Apache

It produced this output:
"state-descr": "certificate(rsa) does not cover all domains.",

My web server is (include version):
Apache 2.4.62

The operating system my web server runs on is (include version):
Windows Server 2019 Essentials

My hosting provider, if applicable, is:
I host my own server

I can login to a root shell on my machine (yes or no, or I don't know):
YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Apache md (mod_md)

2

I don't see that domain name in the public DNS. Let's Encrypt Server needs to find that name in the public DNS. Just adding it to your local Apache config is not enough.

If you review the Apache error log and/or mod_md status it would show the reason the cert request failed. I don't remember off-hand which one shows it. But, I know for sure you need an A or AAAA record in the public DNS :slight_smile:

4 Likes
4

OK. Thanks
I see my mistake now!
But in fact elynceus-server.elynceus.com is not a domain name!
It is my server name. I was trying to add it because of some messages I was receiving from my Antivirus.

2 Likes
5

But if you require a certificate for that hostname, it needs to be in the public DNS.

6

And if you don't [require a cert nor serve any web content for it], then remove it from the web server.

2 Likes
7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.