Certificate for second domain missing? (same IP)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: chelsealeventhal.net and www.chelsealeventhal.net

I ran this command: sudo certbot certonly -a manual -d chelsealeventhal.net -d www.chelsealeventhal.net --email my@email.address

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for chelsealeventhal.net
http-01 challenge for www.chelsealeventhal.net


NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?

(Y)es/(N)o: y


Create a file containing just this data:

Gq3Toc6P8hakROhbROKQKNzXSrCbtmS1QoaagCBQyRY.08ZKBKx1sRRfg5qxisMN-eD4U8K4TpbXiWefU1Zh6GY

And make it available on your web server at this URL:

http://chelsealeventhal.net/.well-known/acme-challenge/Gq3Toc6P8hakROhbROKQKNzXSrCbtmS1QoaagCBQyRY


Press Enter to Continue


Create a file containing just this data:

f4VyJKpqTU8bGSp09ym6sQWYmTmYD1Ne6yLB-KYw6Ec.08ZKBKx1sRRfg5qxisMN-eD4U8K4TpbXiWefU1Zh6GY

And make it available on your web server at this URL:

http://www.chelsealeventhal.net/.well-known/acme-challenge/f4VyJKpqTU8bGSp09ym6sQWYmTmYD1Ne6yLB-KYw6Ec


Press Enter to Continue
Waiting for verification…
Resetting dropped connection: acme-v01.api.letsencrypt.org
Resetting dropped connection: acme-v01.api.letsencrypt.org
Cleaning up challenges

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/chelsealeventhal.net/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/chelsealeventhal.net/privkey.pem
    Your cert will expire on 2019-06-26. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version): Website is hosted on gitlab.com

The operating system my web server runs on is (include version): ?

My hosting provider, if applicable, is: gitlab.com

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No. We are using a separate service for custom domain hosting though.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.23.0

So I thought I was creating 2 certificates for the two domains (which both point to the same IP address though). In the letsencrypt directory that was created, I can find only one of the domains. Or am I supposed to use the certificate and key for both of them?

Thanks a lot!

Hi @ariaru

you have created one certificate with both domain names ( https://check-your-website.server-daten.de/?q=chelsealeventhal.net ):

CN=chelsealeventhal.net
	28.03.2019
	26.06.2019
expires in 84 days	chelsealeventhal.net, 
www.chelsealeventhal.net - 2 entries

But your configuration is wrong: Your non-www uses that certificate. Your www use the gitlab-Certificate:

CN=*.gitlab.io, OU=Domain Control Validated
	19.11.2018
	18.01.2020
expires in 290 days	*.gitlab.io, gitlab.io - 2 entries

So change your configuration so both vHosts use the same certificate.

3 Likes

When you run one Certbot command, it issues one certificate.

If you create a new certificate by running “certbot -d example.com -d example.net”, it issues a certificate that includes those two names and then saves it in a directory named “example.com” by default.

You can run “sudo certbot certificates” to display the certificates Certbot is managing, the directory names they’re saved in, and the hostnames they actually cover.

2 Likes

Thanks a lot @JuergenAuer and @mnordhoff!

I wasn’t sure whether I could use the same certificate for both domains (was somehow expecting two different ones instead), so indeed I hadn’t added it to the www domain yet.

But great, it looks like it’s working now :slight_smile:

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.