Creating a cert for a subdomain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: nchanga.com , www.nchanga.com , mail.nchanga.com

I ran this command: n/a

It produced this output: n/a

My web server is (include version): nginx

The operating system my web server runs on is (include version): Raspbian

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I need some advice please. My brain is melting, I can't figure it out.

I have a Rpi mail server with nginx and certbot all working perfectly. I have recently installed nextcloudpi on a different Rpi. How do I get a cert for that, for example cloud.nchanga.com, without breaking my mail server?

You just get a cert? Why would that break your mail server?

3 Likes

How? This is where the brain fade starts. I have ports 80/443 forwarded to my mail server, I believe letsencrypt needs these open. I need the cert for a different Rpi (and IP).

You mean a different internal IP? Or external too?

Let's Encrypt can indeed use port 80 for the http-01 challenge, but you could also use the dns-01 challenge, although the latter could be more difficult to set up.

When you have multiple webservers behind a single IP address, the most logical step is to set up one of the webservers as a reverse proxy for the others. This is quite easily done with nginx.

3 Likes

Internal IP.

I have tried to set up a reverse proxy in nginx on the mail server but I am not sure how. I don't want to mess with it too much as it is working fine. I know backups are my friend. I still don't understand how the request would work on the nextcloud server.
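
The reverse-proxy arrangement suggested in the reply above, sketched as an added example (not configuration posted by anyone in this thread): a separate nginx site file on the mail-server Pi that answers the http-01 challenge for cloud.nchanga.com itself and forwards everything else to the Nextcloud Pi. The LAN address 192.168.1.50, the webroot /var/www/letsencrypt and the plain-HTTP backend on port 80 are assumptions; substitute your own values.

```nginx
# Added example. Lives in its own file on the Pi that already receives
# forwarded ports 80/443; the existing mail and www server blocks are not edited.
# Assumed values: 192.168.1.50 (Nextcloud Pi), /var/www/letsencrypt (webroot).

server {
    listen 80;
    server_name cloud.nchanga.com;

    # Let's Encrypt's http-01 request arrives here and is answered from a local
    # directory, so the certificate is issued and renewed on this machine:
    #   certbot certonly --webroot -w /var/www/letsencrypt -d cloud.nchanga.com
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
    }

    # Everything else is pushed to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Add this block only after the first certificate exists; nginx refuses to
# start if the files named in ssl_certificate are missing.
server {
    listen 443 ssl;
    server_name cloud.nchanga.com;

    ssl_certificate     /etc/letsencrypt/live/cloud.nchanga.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloud.nchanga.com/privkey.pem;

    location / {
        # TLS ends here; the hop to the backend is unencrypted on the LAN
        # in this sketch (assumed backend listener: HTTP on port 80).
        proxy_pass http://192.168.1.50;

        # Pass the original host, client address and scheme to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

nginx selects the server block by the requested hostname, so requests for nchanga.com, www.nchanga.com and mail.nchanga.com keep hitting the existing configuration. Run `nginx -t` before reloading so a syntax error cannot take the working sites down.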