Does Let's Encrypt affect other configured certificate?

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dtac2020lebanon.com

I ran this command: 1. sudo apt-get update
2. sudo apt-get install software-properties-common
3. sudo add-apt-repository universe
4. sudo add-apt-repository ppa:certbot/certbot
5. sudo apt-get update
6. sudo apt-get install certbot python-certbot-nginx
7. sudo certbot certonly --nginx -d dtac2020lebanon.com -d www.dtac2020lebanon.com

It produced this output:

My web server is (include version): nginx/1.10.3

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I have a Ubuntu shared server where I install in it multiple projects and each one has a paid certificate from different origin. I want to know before proceeding with certbot if installing it on this shared server affect the other certificates! does it change anything in other nginx config files?

2

Hi @Absh12

normally, that shouldn't a problem.

But: If you use the dns-authentication or if you use http-authentication with webroot, your configuration should be unchanged.

If you use --apache or --nginx, Certbot creates a location definition and removes that after the validation.

Sometimes there are buggy configurations so Certbot picks the wrong vHost. Or a configuration doesn't work because there is no vHost configured (only a global vHost).

Important: Every combination of port and domain name should be unique, redirects should be unique.

Check your config with

nginx -T

to see, if you have unique vHosts. Use --dry-run to create a (not saved) test certificate. And use online tools ( https://letsdebug.net/ from @_az , https://check-your-website.server-daten.de/ - own tool) to check your configuration before creating the first test certificate.

1 Like
3

PS: Checking your domain there are some things ( https://check-your-website.server-daten.de/?q=dtac2020lebanon.com ):

Domainname Http-Status redirect Sec. G
http://www.dtac2020lebanon.com/
13.81.11.61 301 http://dtac2020lebanon.com/ 0.200 D
http://www.testing.coachnour.com/ 301 https://www.testing.coachnour.com/ 0.077 A
http://dtac2020lebanon.com/
13.81.11.61 200 0.613 H
https://dtac2020lebanon.com/
13.81.11.61 302 http://www.testing.coachnour.com/ 0.490 N
Certificate error: RemoteCertificateNameMismatch
https://www.dtac2020lebanon.com/
13.81.11.61 302 http://www.testing.coachnour.com/ 0.257 N
Certificate error: RemoteCertificateNameMismatch
https://www.testing.coachnour.com/ 200 3.253 I
http://www.dtac2020lebanon.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
13.81.11.61 301 http://dtac2020lebanon.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.227 D
Visible Content:
http://dtac2020lebanon.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
13.81.11.61 404 0.377 A
Not Found

http is correct, /.well-known/acme-challenge answers with the expected status 404 - Not Found.

But your https picks the wrong vHost, so there is a redirect to another domain. Maybe a problem if certbot doesn’t create a new vHost, instead tries to change the existing vHost. But I don’t know if certbot tries that.

4

Ok great, thanks.
It’s working now :smiley:

2 Likes
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.