Hi,
I’m having lots of trouble getting multiple certificates working on my server, using CentOS 6 and Apache 2.2.15.
I have several domains, some with lots of subdomains - for example:
cooldomain.com
niftydomain.com
superdomain.com
test1.superdomain.com
test2.superdomain.com
staging.superdomain.com
editing.superdomain.com
www.superdomain.com
weirdjavaapp.superdomain.com
I had thought I should get separate certificates for each domain, so I tried this:
./certbot-auto --apache -d cooldomain.com -d www.cooldomain.com
./certbot-auto --apache -d niftydomain.com -d www.niftydomain.com
In both cases, I ultimately managed to get certs created:
Congratulations! You have successfully enabled https://cooldomain.com and
https://www.cooldomain.com
Congratulations! You have successfully enabled https://niftydomain.com and
https://www.niftydomain.com
However, I can’t get both certs working at the same time. Every time I tweak the individual virtual host config files and then try to reload, one works and one fails. The one that fails tells me the cert is only good for the other domain:
www.niftydomain.com uses an invalid security certificate. The certificate is only valid for the following names: cooldomain.com, www.cooldomain.com
My individual conf files look like this:
cooldomain-com.conf
<VirtualHost *:80>
    DocumentRoot /var/www/vhost/cooldomain
    ServerName cooldomain.com
    ServerAlias www.cooldomain.com
    ErrorLog logs/cooldomain-error_log
    CustomLog logs/cooldomain-access_log common
</VirtualHost>
cooldomain-com-le-ssl.conf
<VirtualHost *:443>
    DocumentRoot /var/www/vhost/cooldomain
    ServerName cooldomain.com
    ServerAlias www.cooldomain.com
    ErrorLog logs/cooldomain-error_log
    CustomLog logs/cooldomain-access_log common
    SSLCertificateFile /etc/letsencrypt/live/cooldomain.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cooldomain.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateChainFile /etc/letsencrypt/live/cooldomain.com/chain.pem
</VirtualHost>
So:
Am I taking the right approach? Should I have a separate cert for each domain (1 for niftydomain.com, one for cooldomain.com, and so on)?
Or should I do the whole thing as one cert covering niftydomain.com, cooldomain.com, superdomain.com and all of their individual subdomains?
If I’m taking the right approach with one cert per domain, can you suggest any ways to track down the cause of the “only valid for the other domain” error messages? I’ve searched as many pages here and at other sites as I can, and nothing I’ve tried has helped.
Thank you very much.
By the way, is there any way to turn off the site’s search feature? It overrides my browser’s search and makes it impossible to use ordinary page search.
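One thing to check for the "only valid for the other domain" symptom, as an added example that is not part of the original post: on Apache 2.2, several `<VirtualHost *:443>` blocks are only selected by hostname when a matching `NameVirtualHost *:443` directive is loaded; otherwise the first block answers every request on that address. The script below is a simplified model of that rule (exact-string address matching, SNI-capable client assumed); `parse`, `served_certs` and the sample config are hypothetical and constructed for illustration.

```python
import re

# Constructed sample modelled on the post's two SSL vhosts (not the poster's real files).
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName cooldomain.com
    ServerAlias www.cooldomain.com
    SSLCertificateFile /etc/letsencrypt/live/cooldomain.com/cert.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName niftydomain.com
    ServerAlias www.niftydomain.com
    SSLCertificateFile /etc/letsencrypt/live/niftydomain.com/cert.pem
</VirtualHost>
"""

def parse(conf):
    """Return (NameVirtualHost addresses, vhosts in file order)."""
    name_based, vhosts, cur = set(), [], None
    for line in (l.strip() for l in conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            cur = {"addr": opened.group(1).strip(), "names": [], "cert": None}
        elif line.lower().startswith("</virtualhost"):
            vhosts.append(cur)
            cur = None
        else:
            key, *args = line.split()
            key = key.lower()
            if key == "namevirtualhost" and args:
                name_based.add(args[0])
            elif cur is not None and key in ("servername", "serveralias"):
                cur["names"] += args
            elif cur is not None and key == "sslcertificatefile" and args:
                cur["cert"] = args[0]
    return name_based, vhosts

def served_certs(conf):
    """Map each hostname to the certificate file this model says is served."""
    name_based, vhosts = parse(conf)
    first, served = {}, {}
    for vh in vhosts:
        first.setdefault(vh["addr"], vh)
        # Without NameVirtualHost for this address, the first vhost wins.
        chosen = vh if vh["addr"] in name_based else first[vh["addr"]]
        for name in vh["names"]:
            served[name] = chosen["cert"]
    return served
```

To run it against a real server, pass the concatenated text of the main httpd.conf and every included vhost file; any hostname mapped to another domain's certificate path points at a missing `NameVirtualHost` line for that address.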