Conflict between two secured addresses?

I am trying to secure a subdomain on a different server from the domain.

A coworker is in charge of the domain and he got the certificate from SSLforfree, using a wildcard (*.example.com), while I used certbot on Ubuntu 18.04 on the other server. I followed the steps from the certbot documentation for the subdomain sub.example.com without issues.

I tried both the auto and manual configuration of Apache from the certbot wizard, but no matter what I do I can’t see the site from the subdomain I’m working on.

Are there any issues regarding the domain server being set up that way? Or is it that I haven’t configured my server as I should?

Thanks in advance.

My money is on:

Can you show the config files?

Here are the two files:

# 000-default.conf
<VirtualHost *:80>

        ServerName sub.example.com
        DocumentRoot /var/www/html
        # Trailing slash matters: Redirect appends the rest of the request path to the target
        Redirect permanent / https://sub.example.com/

        #Default LE config Values

        #RewriteEngine on
        #RewriteCond %{SERVER_NAME} =plataforma.lab4school.com
        #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>

# sub.example.com.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>

        ServerName sub.example.com
        DocumentRoot /var/www/html

        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/sub.example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/sub.example/privkey.pem

</VirtualHost>
</IfModule>

Do those files exist?

You said something about a wildcard cert... ? ? ?
[there is a typo there: sub.example/privkey.pem]

Sorry, that was my mistake when manually adding the code here, but it’s OK on the server side.

Yes, there’s a wildcard on the domain, but that has now changed because my coworker changed the cert, and it now applies to www.example.com and example.com.

But… I’m still facing the same problem.

It is extremely difficult to help you without the actual domain name...
But here goes:

Start by reviewing which certs you actually have.
Possibly:
certbot certificates
Then match that list with the sites being served.
Possibly:
apachectl -S

good luck

How is that related to:

"Too many cooks..."

I managed to solve it: Everything was fine with the config, but I had to grant permission at a console level for port 443 to be allowed.

My last question to anyone or to you rg305: If the domain had a *.domain.com cert on server X, and the other server Y had subdomain.domain.com, can a wildcard on X cause trouble for any attempt to set up SSL on the Y subdomain?

Thanks rg305 for all your help.


They are completely separate and don’t affect each other in such a way.
DNS will dictate where the Y domain is.
If the site at Y has a cert for Y or a wildcard that covers the Y name, it should work without any issue.

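Added example, not part of the original thread or any poster's code: a small Python check for the two things this thread turned on, the mismatched cert/key paths in the posted vhost and whether a certificate name (wildcard included) covers the ServerName. The helpers `san_covers`, `directive` and `lint_vhost` are hypothetical names, and the certificate names are assumed to be supplied by hand, for instance as read from `certbot certificates`.

```python
import re

# The 443 vhost as posted in the thread (key path typo included), embedded for an offline run.
SAMPLE_VHOST = """\
<VirtualHost *:443>
    ServerName sub.example.com
    SSLCertificateFile /etc/letsencrypt/live/sub.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/sub.example/privkey.pem
</VirtualHost>
"""

def san_covers(san, host):
    """True if a certificate name (exact or '*.' wildcard) covers host.
    A wildcard stands for exactly one leftmost label, so *.example.com covers
    sub.example.com but not example.com or a.sub.example.com."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == san[2:]
    return san == host

def directive(conf, name):
    """Return the first value of an Apache directive, skipping commented-out lines."""
    m = re.search(rf"^[ \t]*{name}[ \t]+(\S+)", conf, re.M | re.I)
    return m.group(1) if m else None

def lint_vhost(conf, cert_names):
    """cert_names: names in the certificate (assumed input, typed in by the operator)."""
    host = directive(conf, "ServerName")
    cert = directive(conf, "SSLCertificateFile")
    key = directive(conf, "SSLCertificateKeyFile")
    if None in (host, cert, key):
        return ["missing ServerName / SSLCertificateFile / SSLCertificateKeyFile"]
    problems = []
    # certbot keeps fullchain.pem and privkey.pem together in one live/<name>/ directory
    if cert.rsplit("/", 1)[0] != key.rsplit("/", 1)[0]:
        problems.append(f"cert and key are in different directories: {cert} vs {key}")
    if not any(san_covers(n, host) for n in cert_names):
        problems.append(f"no certificate name covers {host}")
    return problems

if __name__ == "__main__":
    # The coworker's replacement cert (example.com, www.example.com) does not cover the subdomain.
    for p in lint_vhost(SAMPLE_VHOST, ["example.com", "www.example.com"]):
        print("WARN:", p)
```

This only checks names and paths; it does not test whether port 443 is reachable, which was the actual fix in this thread.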
