Please see the info below. It looks like I am missing something, or the next steps? Thanks –
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
"certonly" means "only obtain the certificate, don't install it". So you still have to install your new certificate in your Apache configuration yourself in this case.
It ran and asked to keep the existing certificates and then showed this:
No vhost exists with servername or alias for domain *.thegioitours.com. No vhost was selected. Please specify ServerName or ServerAlias in the Apache config.
Sorry for the many questions and thanks for your help.
How are you expecting to use the wildcard in terms of your Apache configuration? Did you just want to add specific virtual hosts with specific subdomain names without having to get a new certificate, or are you planning to have a default or wildcard virtual host that you use together with a wildcard DNS entry? Or some other approach?
I plan to put together a multisite WordPress blog with thegioitours.com as the main site and *.thegioitours.com as sub-domain sites, and I want all main and sub-domain sites on that WordPress multisite with https.
Not sure if it answers your questions but that’s the use case.
Make a copy of 000-default.conf in sites-available, run sudo a2ensite name-of-new-conf-file (you can also just create the symlink to sites-enabled manually), and add ServerName thegioitours.com and ServerAlias *.thegioitours.com to the vhost.
What did you do on this machine to set up WordPress?
Just an FYI: https://crt.sh/?q=%.thegioitours.com
There have been six certs registered that contain “*.thegioitours.com” and two of them are from CloudFlare.
@joohoi, using the power of time zones, you might be able to help out with this before me. If not, no worries, I can try and provide instructions tomorrow morning.
Apache supports running multiple virtual hosts on the same server simultaneously. It is able to select the correct VirtualHost (and hence the correct settings from filesystem path to logging settings) for serving this request by looking at the ServerName and ServerAlias settings inside of the VirtualHost configuration blocks. If no matching names are found, it will serve you the request using the first VirtualHost block it can find in its configuration (there is some magic involved with creating the effective in-memory configuration tree, but that’s irrelevant here). This is also how Certbot handles the VirtualHost discovery.
What the Certbot Apache plugin does when installing a certificate is:
1. It reads your configuration and searches for ServerName or ServerAlias directives that match the domain names in the certificate that’s being installed.
2. If multiple matching VirtualHosts are found, Certbot will ask the user to pick one of them.
3. Certbot then proceeds to copy the selected VirtualHost configuration to a new file that will become the HTTPS VirtualHost with a proper TLS configuration.
The issue that you are currently facing is that the default Apache installation doesn’t have any ServerName or ServerAlias configured, and Certbot isn’t able to find one to configure for you.
The solution for this is rather simple, though: as suggested in the comment above, adding a ServerName and ServerAlias to your existing configuration should make the existing VirtualHost discoverable by Certbot.
The easiest way would be just to edit /etc/apache2/sites-enabled/000-default.conf directly, adding lines:
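Added example (not part of the posts above and not Certbot's own code): a simplified Python sketch of the name matching described in this thread, run against a constructed default-style vhost and against one carrying the ServerName and ServerAlias suggested earlier. The function names, the sample configs and the wildcard-matching rule are assumptions made for illustration.

```python
import re
from fnmatch import fnmatch

# Constructed sample configs (not copied from the server in this thread).
DEFAULT_CONF = """\
<VirtualHost *:80>
    # ServerName www.example.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
</VirtualHost>
"""
FIXED_CONF = """\
<VirtualHost *:80>
    ServerName thegioitours.com
    ServerAlias *.thegioitours.com
    DocumentRoot /var/www/html
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]*)>(.*?)</VirtualHost>", re.S | re.I)
# Commented-out directives ("# ServerName ...") do not match this pattern.
NAME_RE = re.compile(r"^\s*(ServerName|ServerAlias)\s+(.+?)\s*$", re.I | re.M)

def vhost_names(conf_text):
    """Return one (address, [declared names]) tuple per <VirtualHost> block."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf_text):
        names = []
        for _directive, value in NAME_RE.findall(body):
            names.extend(n.lower() for n in value.split())
        vhosts.append((addr.strip(), names))
    return vhosts

def name_matches(cert_name, vhost_name):
    # Assumption: exact match, or a wildcard on either side covers the other.
    return (cert_name == vhost_name
            or fnmatch(cert_name, vhost_name)
            or fnmatch(vhost_name, cert_name))

def unmatched_cert_names(cert_names, conf_text):
    """Certificate names for which no vhost declares a matching name."""
    declared = [n for _addr, names in vhost_names(conf_text) for n in names]
    return [c for c in cert_names
            if not any(name_matches(c.lower(), n) for n in declared)]

if __name__ == "__main__":
    cert = ["thegioitours.com", "*.thegioitours.com"]
    print("default conf, unmatched:", unmatched_cert_names(cert, DEFAULT_CONF))
    print("fixed conf, unmatched:  ", unmatched_cert_names(cert, FIXED_CONF))
```

A non-empty result corresponds to the "No vhost exists with servername or alias" situation quoted earlier in the thread; an empty list means every certificate name has a vhost that declares it.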