Yes you could. Or, some people get one cert with both names in it.
2 Likes
very interesting
how can i request one cert for the 2nd and 3rd level at the same time?
i didn't know it
thanks
massimo
1 Like
I don't know uacme at all but I see its docs say this. It is perfectly fine to use two certs with just one name each. If multiple names doesn't work with uacme http challenge script or for other reasons just get a second cert.
You could also try asking on a uacme support forum or its github
uacme [OPTIONS β¦] issue IDENTIFIER [ALTNAME β¦]
Issue a certificate for IDENTIFIER with zero or more ALTNAMEs. If a certificate is already available at CONFDIR/IDENTIFIER/cert.pem for the specified IDENTIFIER and ALTNAMEs and is still valid for longer than DAYS no action is taken unless -f, --force is specified or -o, --no-ocsp is not specified and the certificate is reported as revoked by the OCSP server. The new certificate is saved to CONFDIR/IDENTIFIER/cert.pem. If the certificate file already exists it is hardlinked to CONFDIR/IDENTIFIER/cert-TIMESTAMP.pem before overwriting. The private key for the certificate is loaded from CONFDIR/private/IDENTIFIER/key.pem. If no such file exists, a new key is generated unless -n, --never-create is specified. Wildcard IDENTIFIERs or ALTNAMEs are dealt with correctly, as long as the ACME server supports them; note that any such wildcards are automatically removed from the configuration subdirectory name: for example a certificate for *.test.com is saved to CONFDIR/test.com/cert.pem. IP address IDENTIFIERs and ALTNAMEs are also supported according to RFC 8738 - Automated Certificate Management Environment (ACME) IP Identifier Validation Extension
2 Likes
hi,
please could you give a check?
i've not jet modified httpd.conf
if the issue of the certificate www.ecom... and ecomstation.it is OK i will do
thanks a lot
massimo
1 Like
Yes, it looks good. There are two SANs (Subject Alternative Names).
Just do the same for jaimeaymerichbrasile.top
3 Likes
thank you
should i set 2 virtual hosts, one for the 3rd level www and one for the 2nd level or is there a simpler way to configure just one virtualhost with 2 certs (apache 2.4.59)?
or should i do nothing?
since if i call in the browser https://ecomstation.it
the SSL works
thanks
massimo
1 Like
You can do it either way. You can put both names in the same VirtualHost and have a cert that includes both names. One domain name as the ServerName and the other as the Alias:
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
... (other items) ...
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/(cert-path)/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/(cert-path)/privkey.pem
...
</VirtualHost>
Do the same ServerName/Alias in your VirtualHost for port 80 but of course do not specify any SSL config there
2 Likes
I have the same issue with my domain mfbot.top
Can anybody help me please?
Domains registered a month ago and it works good. A month ago I tried 8 times to get certs via letsencrypt for ch.mfbot.top. Then I successfully got it. But now I also can't get it for ch.mfbot.top
@dotmitsu The Let's Encrypt staff is trying its best, see DNS problem: looking up A for xxx.domain.top: DNSSEC: DNSKEY Missing; no valid AAAA records found for xxx.domain.top - #31 by mcpherrinm. But please don't post "I also have this problem!" there, as the problem is well known already. You can follow that thread for new posts from the Let's Encrypt staff or monitor the incident at Let's Encrypt Status.
I'm also closing this thread in favor of the one I linked to prevent other "I'm also having this issue!" posts, which are not helpful in this specific case.
3 Likes