Conflict between two secured addresses?

loleiters · May 12, 2020, 10:18pm

I am trying to secure a subdomain in a different server from the domain.

A coworker is in charge of the domain and he got the certificate from SSLforfree, using a wildcard (*.example.com), while I used certbot on ubuntu 18.04 on the other server. I followed the steps from the certbot documentation for the subdomain sub.example.com without issues.

I tried with auto and manual configuration of Apache from the certbot wizard, but no matter what I do I can’t see the site from the subdomain I’m working.

Are there any issues regarding the domain server being set up that way? Or it’s that I haven’t configured my server as it should?

Thanks in advance.

rg305 · May 12, 2020, 10:23pm

My money is on:

Can you show the config files?

loleiters · May 13, 2020, 1:10pm

Here are the two files:

# 000-default.conf
<VirtualHost *:80>

ServerName sub.example.com
        DocumentRoot /var/www/html
        Redirect permanent / https://sub.example.com

#Default LE config Values

#RewriteEngine on
#RewriteCond %{SERVER_NAME} =plataforma.lab4school.com
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>

# sub.example.com.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>

ServerName sub.example.com
DocumentRoot /var/www/html


Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/sub.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sub.example/privkey.pem

</VirtualHost>
</IfModule>

rg305 · May 13, 2020, 1:18pm

Do those files exist?

You said something about a wildcard cert… ? ? ?
[there is a typo there: sub.example/privkey.pem]

loleiters · May 14, 2020, 11:24pm

Sorry, it was my fault adding manually the code here, but it’s ok on the server side.

Yes, there’s a wildcard on the domain, but now that changed because my coworker changed the cert and it’s applicable to the www.example.com and example.com.

But… I’m still facing the same problem.

rg305 · May 14, 2020, 11:41pm

It is extremely difficult to help you without the actual domain name…
But here goes:

Start by reviewing which certs you actually have.
Possibly:
certbot certificates
Then match that list with the sites being served.
Possibly:
apachectl -S

good luck

How is that related to:

“Too many cooks…”

loleiters · May 15, 2020, 11:41pm

I managed to solve it: Everything was fine with the config, but I had to grant permission at a console level for port 443 to be allowed.

My last question to anyone or to you rg305: If the domain had a *.domain.com cert in a X server, and the other server Y with the subdomain.domain.com, can a wildcard in X put into trouble any attempt to SSL the Y subdomain?

Thanks rg305 for all your help.

rg305 · May 16, 2020, 12:05am

They are completely separate and don’t affect each other in such a way.
DNS will dictate where the Y domain is.
If the site at Y has a cert for Y or a wildcard that covers the Y name, it should work without any issue.

system · June 14, 2020, 11:52pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.