Hey, is there an option to get a new certificate for just a subdomain?
Let's say my site runs on server A on example.com, www.example.com and blog.example.com - the subdomain cloud.example.com points to server B. Is there an option with certbot to get this setup running? I didn’t succeed.
Both servers run on nginx.
Hi @Gurkengewuerz, what did you try to do and how did it fail?
Are you trying to use server A to get the certificate that will ultimately be used on server B? Or are you using server B exclusively? Or did you want two different certificates, one for www.example.com and blog.example.com and the other only for cloud.example.com?
@schoen thank you for your answer.
On server A I used this command: ./certbot-auto certonly --standalone --email info@example.com --agree-tos --rsa-key-size 4096 -d example.com -d www.example.com -d blog.example.com
And on server B this command (another full domain also runs here, which is fine): ./certbot-auto certonly --standalone --email info@example.com --agree-tos --rsa-key-size 4096 -d mydomain.tld -d www.mydomain.tld -d cloud.example.com
So both run their own challenge.
Maybe I missed something.
Thank you for your help!
Edit: in /etc/letsencrypt/live/ is just mydomain.tld on Server B
@Gurkengewuerz, what you described should work fine; I can’t think of any problem with this. If you encountered a problem, I don’t think it’s related to the content of the certificates that you’re requesting. Maybe you can give us some more specific information about error messages you encountered?
Based on what I think you want, just don’t specify a domain that the server can’t pass verification. That should mean for server B, just use “-d cloud.example.com” and drop the “-d www.example.com”. Assuming you pass the verification, you’ll get a certificate only for cloud.example.com.
Yes indeed, just request the certificate for the subdomain you want. So if you want a cert for only secure.mydomain.com then just request that one certificate. When you need a cert for another subdomain private.mydomain.com at a later date then request it when needed. My root domain spans across 4 Ubuntu servers, some run mail, some run web sites and each server has its own certbot installation and its own subdomain level certs. So I request those certs as follows
@all Thanks for your help.
I don't know what was wrong in the configuration. I backed up the full /etc/letsencrypt directory and started everything from new. Now it works fine.
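Added example, not part of any post in this thread: the advice above to request only the names that point at the server certbot runs on, written as a small shell helper. The function names and the RESOLVER override are assumptions made for this example, and only A records are checked.

```shell
#!/bin/sh
# Added example (not from the thread): pick the -d names this server can validate.
# Standalone HTTP-01 validation connects to the address the name resolves to,
# so one name pointing at another server makes the whole request fail.

# Default resolver: prints the IPv4 addresses of a name, one per line.
# RESOLVER may name another command with the same contract (assumption).
# Only A records are checked; a name with an AAAA record needs the same
# check for its IPv6 address.
resolve_a() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# names_for_host SERVER_IP NAME...
# Prints the names whose only A record is SERVER_IP; reports the rest on stderr.
names_for_host() {
    server_ip=$1
    shift
    for name in "$@"; do
        addrs=$("${RESOLVER:-resolve_a}" "$name" | tr '\n' ' ')
        addrs=${addrs% }
        if [ "$addrs" = "$server_ip" ]; then
            printf '%s\n' "$name"
        else
            printf 'skip %s (resolves to: %s)\n' "$name" "${addrs:-nothing}" >&2
        fi
    done
}

# certbot_args SERVER_IP NAME...
# Prints "-d name" for every name that passed, separated by spaces.
certbot_args() {
    names_for_host "$@" | awk '{printf "%s-d %s", (NR > 1 ? " " : ""), $0}'
}
```

On server B the result can be passed to the command from the thread, for example `./certbot-auto certonly --standalone $(certbot_args <server B address> mydomain.tld www.mydomain.tld cloud.example.com)`, where `<server B address>` is a placeholder.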