I have an AWS EC2 instance running on a public IP where websites for two different domains are being set up.
My domains are: tattvadesigns.co.in and zestatech.com
My web server is (include version): Apache 2.4.39
The operating system my web server runs on is (include version): Windows Server 2012 R2
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don’t know): YES, through RDP I login into the Virtual Machine.
I am using the latest WampServer with virtual hosts and WordPress to set up two websites - one for tattvadesigns.co.in and another for zestatech.com.
For SSL I need a certificate, but I understand that I cannot get a certificate for an IP, only for a domain. Since I have two domains, I understand I have to get a UCC SSL certificate. Please help me with the process. I have downloaded win-acme.
Thanks Phil… The client I am planning to use is in the list - win-acme. What I want to know is: can a single certificate work for two different domains - tattvadesigns.co.in and zestatech? I have been searching on the Internet and trying to find out whether, if I take a certificate with one domain - say tattvadesigns.co.in - Apache can be configured to take the SSL request for the second domain - zestatech.com.
I tried creating a certificate for domain tattvadesigns.co.in using the win-acme client… I am posting the entire command and response… It gives an authorisation error… The web server is Apache 2.4.39 on Windows 2012 R2 Server on AWS running Wamp 3.0 with WordPress.
I checked on the browser to access a file using http://ipaddress/tattvadesigns/, I am able to browse, but with the command http://tattvadesigns.co.in/ it shows the website home page. The domain tattvadesigns.com has been redirect URL to http://ipaddress/tattvadesigns.
c:\ftp\win-acme.v2.0.7.315>wacs.exe --target manual --host www.tattvadesigns.co.in --validation filesystem --webroot "C:\wamp\www\tattvadesigns" --store pemfiles --pemfilespath "C:\ftp" --test --verbose
[INFO] A simple Windows ACMEv2 client (WACS)
[INFO] Software version 2.0.7.315 (RELEASE)
[INFO] IIS not detected
[INFO] Please report issues at https://github.com/PKISharp/win-acme
[VERB] Verbose mode logging enabled
[VERB] Arguments: --target manual --host www.tattvadesigns.co.in --validation filesystem --webroot C:\wamp\www\tattvadesigns --store pemfiles --pemfilespath C:\ftp --test --verbose
[DBUG] Config folder: C:\ProgramData\win-acme\acme-staging-v02.api.letsencrypt.org
[DBUG] Certificate cache: C:\ProgramData\win-acme\acme-staging-v02.api.letsencrypt.org\Certificates
[VERB] Settings SettingsService {ConfigPath="C:\ProgramData\win-acme\acme-staging-v02.api.letsencrypt.org", CertificatePath="C:\ProgramData\win-acme\acme-staging-v02.api.letsencrypt.org\Certificates", ClientNames=["win-acme", "win-acme"], RenewalDays=55, HostsPerPage=50, ScheduledTaskRandomDelay=00:00:00, ScheduledTaskStartBoundary=09:00:00, ScheduledTaskExecutionTimeLimit=02:00:00}
[VERB] Sending e-mails False
[DBUG] Renewal period: 55 days
[INFO] Running in mode: Unattended, Test
[INFO] Target generated using plugin Manual: www.tattvadesigns.co.in
[VERB] Checking [Manual] www.tattvadesigns.co.in
[DBUG] Loading signer from C:\ProgramData\win-acme\acme-staging-v02.api.letsencrypt.org\Signer_v2
[DBUG] Send GET request to https://acme-staging-v02.api.letsencrypt.org/directory
[DBUG] Send HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
[DBUG] Loading account information from C:\ProgramData\win-acme\acme-staging-v02.api.letsencrypt.org\Registration_v2
[DBUG] Send POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order
[DBUG] Send GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/uzOV9TIgpXQjwB4AFk1LQ026ZCsUQkdNokwdtcsnpHI
[INFO] Authorize identifier: www.tattvadesigns.co.in
[INFO] Authorizing www.tattvadesigns.co.in using http-01 validation (FileSystem)
[VERB] Writing file to C:\wamp\www\tattvadesigns.well-known\acme-challenge\YDPfQhf3NpjmnqeIRZlV1-kaTrr1rY-1ktRx62r-rM0
[INFO] Answer should now be browsable at http://www.tattvadesigns.co.in/.well-known/acme-challenge/YDPfQhf3NpjmnqeIRZlV1-kaTrr1rY-1ktRx62r-rM0
[WARN] Preliminary validation failed, found (null) instead of YDPfQhf3NpjmnqeIRZlV1-kaTrr1rY-1ktRx62r-rM0.NCffHFKn7CGHb8lTNQGzq-jtzRdGqLgK2dJ9KK8NNcI
[DBUG] Submitting challenge answer
[DBUG] Send POST request to https://acme-staging-v02.api.letsencrypt.org/acme/challenge/uzOV9TIgpXQjwB4AFk1LQ026ZCsUQkdNokwdtcsnpHI/323813703
[DBUG] Refreshing authorization
[DBUG] Send GET request to https://acme-staging-v02.api.letsencrypt.org/acme/challenge/uzOV9TIgpXQjwB4AFk1LQ026ZCsUQkdNokwdtcsnpHI/323813703
[EROR] {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from http://www.tattvadesigns.co.in/.well-known/acme-challenge/YDPfQhf3NpjmnqeIRZlV1-kaTrr1rY-1ktRx62r-rM0 [184.168.131.241]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\n \"http://www.w3.org/TR/html4/strict.dtd\">\n\n\n\n Tattvadesi"",
"status": 403
}
[EROR] Authorization result: invalid
[DBUG] Deleting answer
[VERB] Deleting file C:\wamp\www\tattvadesigns.well-known\acme-challenge\YDPfQhf3NpjmnqeIRZlV1-kaTrr1rY-1ktRx62r-rM0
[VERB] Deleting folder C:\wamp\www\tattvadesigns.well-known\acme-challenge
[VERB] Deleting folder C:\wamp\www\tattvadesigns.well-known
[EROR] Create certificate failed: Authorization failed
You can't create a certificate via http-01 validation if you use such a "frame redirect". And a certificate would not work if you use src="ip-address".
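A pre-flight check for the failure shown in the log above, added here as an example (not part of the original thread and not win-acme code). It classifies what a plain HTTP fetch of the challenge URL returned before the client submits to the CA; the function names and the server IP `203.0.113.10` are assumptions, while the token, key authorization, responding IP and status come from the posted log.

```python
import socket
import urllib.error
import urllib.request

def diagnose_http01(host_ips, server_ip, status, body, key_authorization):
    """Explain why an http-01 self-check passes or fails.

    host_ips: addresses the hostname resolves to
    server_ip: public IP of the web server holding the webroot (assumed known)
    status, body: result of GET http://<host>/.well-known/acme-challenge/<token>
    key_authorization: the "<token>.<thumbprint>" string the CA expects
    """
    if status == 200 and body.strip() == key_authorization:
        return ["ok"]
    findings = []
    if server_ip not in host_ips:
        # The name is answered by some other host, e.g. a forwarding service.
        findings.append("dns-not-pointing-at-server")
    if status != 200:
        findings.append("http-status-%d" % status)
    lowered = body.lower()
    if "<!doctype" in lowered or "<html" in lowered or "<frame" in lowered:
        # A framed or forwarded page came back instead of the token file.
        findings.append("html-page-instead-of-token")
    return findings

def probe(host, token):
    """Collect live inputs for diagnose_http01 (needs network access)."""
    infos = socket.getaddrinfo(host, 80, socket.AF_INET)
    ips = sorted({info[4][0] for info in infos})
    url = "http://%s/.well-known/acme-challenge/%s" % (host, token)
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return ips, resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return ips, err.code, err.read(4096).decode("utf-8", "replace")

# Sample built from the posted log; server_ip is a constructed placeholder.
SAMPLE = {
    "host_ips": ["184.168.131.241"],
    "server_ip": "203.0.113.10",
    "status": 403,
    "body": '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">\n Tattvadesi',
    "key_authorization": "YDPfQhf3NpjmnqeIRZlV1-kaTrr1rY-1ktRx62r-rM0"
                         ".NCffHFKn7CGHb8lTNQGzq-jtzRdGqLgK2dJ9KK8NNcI",
}

if __name__ == "__main__":
    print(diagnose_http01(**SAMPLE))
```
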