Can not get my subdomains to sync


#1

Now, I run Mac OS High Sierra and it seems that nothing online worked until I came across two commands

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

This command pretty much reset my homebrew and allowed packages that couldn’t install to install. So I kept digging with no luck and found

sudo certbot certonly --manual --preferred-challenges dns -d advanceinfinance.com

This command worked and gave me the proper certs to install in GoDaddy. I have 2 major issues though: it's only for the main site. Did I read something about wildcard possibility in January? Does it exist? Either way, I then tried to install all of the subdomains and got stopped because it said one of the names was too long. These were all names that were blog posts, so had an extra /x/ in them in comparison to the others. Not sure if this has any significant meaning. I would love to get them to work but my main priority is my subdomains. I hear the way to do multiple subdomains (unless the wildcard works now?) is to put a comma between them. So I put this command

sudo certbot certonly --manual --preferred-challenges dns -d advanceinfinance.com/,advanceinfinance.com/square-cash-app/,advanceinfinance.com/ubereats-food-delivery/,advanceinfinance.com/limited-time-flight-vacation-deals/,advanceinfinance.com/ebates/,advanceinfinance.com/airbnb/,advanceinfinance.com/1/when-you-see-this-post/,advanceinfinance.com/1/square-cash-app/,advanceinfinance.com/1/ubereats/

I tried with commas between the domains as I read that's how you get multiple domains, and I tried commas with spaces after them, no spaces after them. I've been stuck at this a while. I'm really new at this.

The error I got back was

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
/usr/local/Cellar/certbot/0.23.0/libexec/lib/python3.6/site-packages/josepy/jwa.py:107: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signer = key.signer(self.padding, self.hash)
An unexpected error occurred:
The request message was malformed :: Error creating new authz :: Invalid character in DNS name
Please see the logfiles in /var/log/letsencrypt for more details.

Please help me fix this issue. Oh, and the other is the lock: I seem to have quite a few photos on the front page when it was protected showing up as not being http. But I can figure that out next.

My domain is: AdvanceInFinance.com

I ran this command: sudo certbot certonly --manual --preferred-challenges dns -d advanceinfinance.com
It's the only one I got to work for me

It produced this output: It eventually ran its course and produced my certificates

My web server is (include version): GoDaddy Server cPanel

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know): not certain

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I'm using the cPanel in GoDaddy, and the WordPress dashboard


#2

Hi @TryingToSetUpShop,

The basic reason for the error that you’re getting is that certificates cover domain names (like www.example.com), not URLs (like https://www.example.com/some/file/). There’s no way for Let’s Encrypt to issue you a certificate for a particular path within a web site, and there’s no way for you to request that with Certbot. The “invalid character” here is the slash character /.

A single certificate for just the name advanceinfinance.com will cover all of these URLs and any other URL that you might create on this site in the future. (You might want to include www.advanceinfinance.com if there’s any chance that anyone will ever access the site under that name.)


#3

Subdomains are things like foo.example.com and bar.example.com, rather than paths like example.com/foo/bar.


#4

I thank you for the quick response, but when I had the certificates installed on my main page it gave a better warning, while the subdomains remained the same. I'll set it up and show you again. If this is the case, what's this I read about a wildcard covering domains if it already does without adding an asterisk? And if I need to add one in a terminal command somewhere to cover my site, please let me know.


#5

I’m not quite able to understand your question, but I’m happy to see what problem you’re having when your site is set up again.


#6

Hi,

Upon checking your site: your WordPress site doesn't give a green padlock (but https works), since your WordPress site address in the backend doesn't use https.
https://www.whynopadlock.com/results/6e51b6d8-d601-4104-a81f-0c7fd3ba8dc2

What you are trying to do is issue a certificate for each directory. (But certificates cover all directories in one domain, so there is no need to do so, and that's also not allowed, as @schoen stated.)

Wildcards are available now. And they're only available by using DNS validation (which you currently are using).
A wildcard domain protects all your subdomains.
The correct command is
sudo certbot certonly --manual --preferred-challenges dns -d advanceinfinance.com -d "*.advanceinfinance.com" (if you want to get a wildcard certificate that only has your root domain (main site) and first-level wildcard domain (like whm.advanceinfinance.com, ftp.advanceinfinance.com etc.))

Thank you
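As an added example (not certbot's or Let's Encrypt's own validation code), the following Python checks a list of -d values the way posts #2, #3 and #6 describe the rules: a value must be a DNS host name such as advanceinfinance.com or a wildcard such as *.advanceinfinance.com, never a URL or a path, and the wildcard may only be the leftmost label. The label rules (letters, digits and hyphens, 1 to 63 characters, no leading or trailing hyphen, 253 characters overall) are the standard host-name limits and are this example's own approximation of what the CA enforces; the shortened argument list from post #1 is used as sample input.

```python
import re

# One DNS label: letters, digits and hyphens, 1-63 chars, no hyphen at either end.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Shortened from the -d value in post #1: paths, not host names.
THREAD_ARG = ("advanceinfinance.com/,advanceinfinance.com/square-cash-app/,"
              "advanceinfinance.com/1/ubereats/")


def check_domain_arg(value):
    """Return (ok, reason) for one certbot -d value (example's own rules)."""
    name = value.strip()
    if not name:
        return False, "empty name"
    if "://" in name:
        return False, "looks like a URL (contains '://'); use the host name only"
    # Anything outside letters/digits/'.'/'-'/'*' is what the CA reports as an
    # invalid character; the '/' from a path is the case in the thread.
    bad = sorted({ch for ch in name if not (ch.isalnum() or ch in ".-*")})
    if bad:
        return False, "invalid character(s) in DNS name: " + ", ".join(repr(c) for c in bad)
    if len(name) > 253:
        return False, "name longer than 253 characters"
    labels = name.split(".")
    if len(labels) < 2:
        return False, "need at least a domain and a TLD, e.g. example.com"
    for i, label in enumerate(labels):
        if label == "*":
            if i != 0:
                return False, "wildcard '*' is only allowed as the leftmost label"
            continue  # *.example.com: first-level wildcard, as in post #6
        if "*" in label:
            return False, "'*' must be a whole label (e.g. *.example.com), not part of one"
        if not LABEL_RE.match(label):
            return False, "invalid label %r" % label
    return True, "ok"


def check_domain_list(arg):
    """Split a comma-separated -d value ('a.com,b.com') and check each part.

    Returns a list of (part, ok, reason) tuples so every bad entry is reported,
    not just the first one the CA would reject.
    """
    return [(part,) + check_domain_arg(part) for part in arg.split(",")]


if __name__ == "__main__":
    for part, ok, reason in check_domain_list(THREAD_ARG):
        print("%-45s %s" % (part, "ok" if ok else "REJECT: " + reason))
    for good in ("advanceinfinance.com", "*.advanceinfinance.com"):
        print("%-45s %s" % (good, check_domain_arg(good)[1]))
```

Running it on the thread's argument reports a rejected '/' for every entry, which is the same condition behind the "Invalid character in DNS name" error in post #1; the two names from post #6 pass.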


#7

If you do use a wildcard, please specify -d "*.advanceinfinance.com" instead of -d *.advanceinfinance.com. The * has a special meaning to the Unix shell and we’ve already had one person run into a bug because of a file in the current directory that had the same name as one of the subdomains!
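To make the quoting point concrete, here is an added Python model (not certbot or shell source) of what the shell does to an unquoted *.advanceinfinance.com before certbot ever sees it: pathname expansion is simulated with fnmatch against a constructed temporary directory containing a stray file named www.advanceinfinance.com, and the -d values certbot would receive are collected for the unquoted and quoted forms. The sh/bash default of leaving a non-matching pattern unchanged is assumed (nullglob/failglob are not modelled).

```python
import fnmatch
import os
import tempfile


def expand_like_shell(word, cwd, quoted=False):
    """Model POSIX pathname expansion of one command-line word.

    A quoted word ("*.example.com") reaches the program verbatim. An unquoted
    word containing * ? or [ is matched against the files in the current
    directory; on a match it is replaced by the (sorted) matching names,
    otherwise sh/bash leave it unchanged by default. Dotfiles are skipped
    unless the pattern itself starts with a dot, as the shell does.
    """
    if quoted or not any(ch in word for ch in "*?["):
        return [word]
    names = sorted(n for n in os.listdir(cwd)
                   if word.startswith(".") or not n.startswith("."))
    matches = fnmatch.filter(names, word)
    return matches or [word]


def domains_certbot_receives(words, cwd):
    """words: list of (text, quoted) pairs as typed; returns the values that
    follow each -d after the shell has expanded the command line."""
    argv = []
    for text, quoted in words:
        argv.extend(expand_like_shell(text, cwd, quoted))
    return [argv[i + 1] for i, w in enumerate(argv[:-1]) if w == "-d"]


def demo():
    """Reproduce the bug from the thread with a constructed stray file."""
    base = [("certbot", False), ("certonly", False), ("--manual", False),
            ("-d", False), ("advanceinfinance.com", False), ("-d", False)]
    with tempfile.TemporaryDirectory() as cwd:
        # Empty directory: the unquoted pattern matches nothing and is passed through.
        no_stray = domains_certbot_receives(base + [("*.advanceinfinance.com", False)], cwd)
        # Constructed: a file in the working directory named like a subdomain.
        open(os.path.join(cwd, "www.advanceinfinance.com"), "w").close()
        unquoted = domains_certbot_receives(base + [("*.advanceinfinance.com", False)], cwd)
        quoted = domains_certbot_receives(base + [("*.advanceinfinance.com", True)], cwd)
    return {"unquoted_no_stray_file": no_stray, "unquoted": unquoted, "quoted": quoted}


if __name__ == "__main__":
    for case, domains in demo().items():
        print("%-24s -> %s" % (case, domains))
```

With the stray file present, the unquoted form silently turns the wildcard request into a request for www.advanceinfinance.com, which is exactly the symptom described above; the quoted form is unaffected.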


#8

My misunderstanding, I appreciate the clarification. As you can see from the main post, I was trying to get SSL on my paths, not the subdomain. How is that achievable?


#9

That is a matter of web server configuration, not certificate issuance. Once the certificate is issued, it should apply to the entire site. If you don’t see that, we’ll have to look into the web server configuration.


#10

Does this work for paths as well? Can I run the terminal command and put -d "*.advanceinfinance" or would it be "*.advanceinfinance" -d, or the * last and -d first? And do I actually use the quotations?


#11

You don't need to include a path (since the certificate won't include paths on your domain); the only thing a TLS certificate does is verify that clients are connecting to the correct domain, not a specific path.

P.S. all paths are secured as of now.

Thank you


#12

The quotation marks are intended for the specific case where you’re requesting a wildcard with * because the * has a special meaning for Unix shells. They’re not really relevant otherwise.


#13

Ok, and to respond to your statement, most of the issues look like issues with the photos on my pages still routing through http, not https. Is there no way to fix that?


#14

This is called a mixed content problem. They are loaded in HTTP rather than HTTPS because the HTML source for your web site tells browsers to load them that way. So, you need to change your site content.

There may be some kind of CMS plugin that you can use to automate this process, depending on how you manage your site.

https://www.whynopadlock.com/ is a good resource for diagnosing mixed content problems because it identifies the specific resources that are included insecurely.

You can also set up a redirect from the HTTP version of your site to the HTTPS version, which doesn’t solve mixed content problems but does ensure that people get the secure HTTPS version automatically when they visit the site.


#15

Ok. You guys clearly spend a lot of time in the field. I wish I did as well.

The padlock site says it's the photos. I'm sure this is a dumb question to you now, but with the photos being the culprit of me not getting a green lock, since I'm Let's Encrypt certified, do you believe that I can reupload them, and they too would be https capable, or maybe upload to an imaging website where only viewers with the link can see that is https? Do you believe that would work?


#16

Your site supports both HTTP and HTTPS. For example, the same image is available at

http://advanceinfinance.com/wp-content/uploads/2018/03/Example-of-popup-when-visiting-Groupon-site-resized.jpg

and

https://advanceinfinance.com/wp-content/uploads/2018/03/Example-of-popup-when-visiting-Groupon-site-resized.jpg

But if you look at the HTML source of the site, it specifically tells browsers to load the HTTP version:

<img class="aligncenter wp-image-61" src="http://advanceinfinance.com/wp-content/uploads/2018/03/Example-of-popup-when-visiting-Groupon-site-resized.jpg" alt="" width="864" height="517" />

What you have to change is that img tag and all of the other references in your site’s source to use the HTTPS references instead of the HTTP references. You don’t have to reupload anything or host anything anywhere else; you just have to make your site use HTTPS references to your existing site resources.

If you have some kind of CMS that generates the HTML for you, you’ll need to configure that CMS to understand that site references should start with https://advanceinfinance.com/ instead of http://advanceinfinance.com/.
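The diagnosis in posts #14 and #16 (an img tag that hard-codes http://) is something you can check offline before reaching for a padlock-checker site. The following Python is an added example, not code from the thread or from whynopadlock: it parses HTML with the standard-library HTMLParser, lists every subresource reference (img, script, stylesheet link, iframe, video, audio, source, including srcset) that uses a plain http:// scheme, marks which ones are same-origin (so the https:// version exists once the site itself serves HTTPS, as post #16 demonstrated for the image), and rewrites those same-origin references. The sample page is constructed around the img tag quoted in post #16; the third-party host in it is a made-up placeholder.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make a browser fetch a subresource (the thread's case is
# <img src>; the rest are the other usual sources of mixed content).
RESOURCE_ATTRS = {
    "img": ("src", "srcset"),
    "script": ("src",),
    "link": ("href",),
    "iframe": ("src",),
    "video": ("src", "poster"),
    "audio": ("src",),
    "source": ("src", "srcset"),
}

# Constructed sample page; the first <img> is the tag quoted in post #16.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://advanceinfinance.com/wp-content/themes/x/style.css">
<link rel="canonical" href="http://advanceinfinance.com/">
<script src="https://cdn.example.net/lib.js"></script>
</head><body>
<a href="http://advanceinfinance.com/square-cash-app/">post</a>
<img class="aligncenter wp-image-61" src="http://advanceinfinance.com/wp-content/uploads/2018/03/Example-of-popup-when-visiting-Groupon-site-resized.jpg" alt="" width="864" height="517" />
<img src="http://third-party.example/banner.png" srcset="http://third-party.example/banner@2x.png 2x">
</body></html>"""


class MixedContentScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (tag, attribute, url, same_origin)

    def handle_starttag(self, tag, attrs):
        attr_map = dict(attrs)
        # <link> only fetches a subresource for stylesheet/icon/preload rels;
        # rel="canonical" is metadata, not mixed content.
        if tag == "link":
            rel = (attr_map.get("rel") or "").lower().split()
            if not any(r in rel for r in ("stylesheet", "icon", "preload", "prefetch")):
                return
        for attr in RESOURCE_ATTRS.get(tag, ()):
            value = attr_map.get(attr)
            if not value:
                continue
            for url in self._candidate_urls(attr, value):
                parts = urlsplit(url)
                if parts.scheme.lower() != "http":
                    continue  # https, relative or protocol-relative: fine
                same_origin = (parts.hostname or "").lower() == self.site_host
                self.findings.append((tag, attr, url, same_origin))

    @staticmethod
    def _candidate_urls(attr, value):
        if attr == "srcset":  # "url 2x, url 800w": the URL is the first token of each entry
            return [c.strip().split()[0] for c in value.split(",") if c.strip()]
        return [value.strip()]


def scan_mixed_content(html, site_host):
    """Return the http:// subresource references found in html."""
    scanner = MixedContentScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def rewrite_same_origin(html, site_host):
    """Change http://site_host/... references to https://; leaves other hosts alone,
    which the scanner then reports as remaining (third-party) mixed content."""
    pattern = r"http://" + re.escape(site_host) + r"(?=[/\"'\s>]|$)"
    return re.sub(pattern, "https://" + site_host, html, flags=re.IGNORECASE)


if __name__ == "__main__":
    host = "advanceinfinance.com"
    for tag, attr, url, same in scan_mixed_content(SAMPLE_HTML, host):
        print("%-7s %-6s %-12s %s" % (tag, attr, "same-origin" if same else "third-party", url))
    fixed = rewrite_same_origin(SAMPLE_HTML, host)
    print("remaining after rewrite:", len(scan_mixed_content(fixed, host)))
```

On the sample page the scanner flags four references (two same-origin, two from the third-party host) and ignores the canonical link and the plain hyperlink, which are navigation rather than loaded content; after the rewrite only the two third-party ones remain, which is the "you have to fix all of them" situation from later in the thread.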


#17

I've got to figure that one out. Don't know why it's uploading https but showing http. Maybe it's simply my train of thought as I hadn't had https before.


#18

It looks like a WordPress site, so you might for example need to set your WordPress site URL to tell it that the base URL is HTTPS rather than HTTP, because presumably WordPress is dynamically generating all of the site content each time.


#19

Changed the first error on whynopadlock and put https and it still gives me the insecure error.


#20

You have to fix all of them in order to get rid of the error.