Otherwise, you could switch to using certbot from --apache authentication to --webroot and only use the apache installer (hopefully that will still work).
Like:
certbot run -a webroot -i apache -w /domain/root -d actual.domain
|_________| |________| |_______| |______________________________|
should i replace domain with nnaira.website or example com
which is my server default website or the website am trying to get ssl for
Where?
Please don't be so vague.
You need to run certbot once per cert.
You can add all the domain names needed on one cert (up to 100).
[so the main name plus all the aliases]
i mean, should i run this code directly in ssh terminal? without editing "domain"
certbot run -a webroot -i apache -w /domain/root -d actual.domain
No that is just an example.
You have to replace
/domain/root
with actual document root
and replace
actual.domain
with your actual domain (and all aliases - comma separated within quotes)
"domain.one,alias1,alias2,alias3"
You can only list names that use that single document root.
When you want to add other names (from another document root), you must separate them with a new
-w /other/root -d "other.name,otheralias1,otheralias2,otheralias3"
OR
run certbot allover again to create a separate cert for the other name.
this is what i run in terminal
certbot run -a webroot -i apache -w /root -d "*.example.com, wildcard.example.com"
it said
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError('Could not find configuration root')
I can't find anything specific to fix that problem.
If you need a cert today, we could skip using apache altogether with:
certbot certonly -a webroot -w /root -d "*.example.com,wildcard.example.com"
This will require you to make whatever changes are needed within the HTTPS section manually.
Otherwise we can call for help (but with the ongoing holidays, not sure when it will arrive)
For documentation, please show:
certbot certificates
certbot --version
wow..seems like it worked, it asked for email
Let's see.
Show:
certbot certificates
no certs found
but in the previous step, i put in my email and accepted terms
In red it said...
An unexpected error occurred:
The request message was malformed :: Error creating new order :: Domain name "wildcard.example.com" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.
I guess it did not work.
OMG - I just realized you are trying to get a wildcard cert.
Wildcard certs require DNS authentication.
Did it prompt you for you to create a DNS TXT record?
how do i tell it to create certs for
.example.com
and
..example.com
and
...example.com
its hiding the asterisks before the dots
We can't use HTTP authentication for wildcards.
There is no way to include two * in the FQDN.
Only one is allowed and has to be all the way left.
So:
www.*.my.domain is invalid
*.*.my.domain is invalid
However:
*.sub.domain is valid
*.many.levels.deep.sub.domain is valid
[there is a limit of included dots... I think 6 is max]
so how do i get certificates for dynamic multi level subdomains
for example
google.co.uk.example.com
google.com.example.com
etc, not limited to google
There is no such thing.
You have to include all the levels to the right of it (individually).
Or replace the left most dots with dashes.
*.too-many-sub-domains-deep.my.domain would be valid (3 dots)
*.too.many.sub.domains.deep.my.domain may not be valid (7 dots)
the max subdomains i am expecting is 3 dots
e.g
domain.co.uk.example.com
i dont intend to secure anything more than 3, its 2 and 3 dots am after here
How can i achieve this because i know a number of sites that currently do it, and their ssl certs are from letsencrypt
I count four dots in that name...
But I think I understand you.
Do you understand the restrictions/limitations?
Show one and we can review their cert(s).