In order to understand my question, I need to start by explaining what I'm trying to do.
I have a web app that's split in two parts:
- I have a React app that's hosted on a web hosting service and has a valid SSL certificate provided by the hosting service.
- I have a Java (SpringBoot) application that I host on a Google Compute Engine VM running Debian 10 (my database is on this VM too). The Java application is a REST API server.
I press a button on the website, the React app sends a HTTP request to my Java app, which sends back a response.
I went ahead and setup a subdomain (api.mydomain.ro) that "redirects" to the IP of my Java application, so I can use the subdomain for the requests rather than an IP address.
However, this is all HTTP, so these calls don't go through on the HTTPS version of my website.
When I run certbot on the Google VM to generate a SSL certificate for my Java application it asks for a domain.
I can think of 3 domains that it could ask for, but it's not giving me any details. (all 3 of these have SSL enabled)
- I have the main domain (domain.ro / www.domain.ro), there's nothing on this one. My application doesn't use this domain at all.
- I have the subdomain where my React app is actually deployed / displayed (subdomain-name.domain.ro)
- I have the subdomain where I make the API calls to, that "redirects" to the IP address of my Java application (api.domain.ro)
Which of these is certbot asking for in order to generate a certificate for my Java application so I can use HTTPS endpoints for the API? The domain and the 2 subdomains have working SSL certificates generated by the hosting service. Am I supposed to use one of those to secure my Java application? I've spent 2 days trying to learn about certificates, and all I've managed to do is break my VM twice (generating a certificate that doesnt work, removing it which breaks the apache webserver)