I have three domains on a virtual server that I want to protect with certbot. If I execute the command below for e.g. stokkr.de, it will be protected successfully. If I now execute the command for another domain (dev-online.de), I get the message NET::ERR_CERT_COMMON_NAME_INVALID in my browser for stokkr.de.
How can I protect several domains with their own certificate? Or does it make sense to use one certificate for all domains? If so, how can I best configure this?
My domain is:
stokkr.de
I ran this command:
certbot --apache -d dev-online.de -d www.dev-online.de
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isnât close to expiry.
(ref: /etc/letsencrypt/renewal/dev-online.de.conf)
What would you like to do?
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
Select the appropriate number [1-2] then [enter] (press âcâ to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for dev-online.de
http-01 challenge for www.dev-online.de
Waiting for verificationâŚ
Cleaning up challenges
Created an SSL vhost at /var/www/vhosts/system/dev-online.de/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /var/www/vhosts/system/dev-online.de/conf/httpd-le-ssl.conf
Enabling available site: /var/www/vhosts/system/dev-online.de/conf/httpd-le-ssl.conf
Deploying Certificate to VirtualHost /var/www/vhosts/system/dev-online.de/conf/httpd-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if youâre confident your site works on HTTPS. You can undo this
change by editing your web serverâs configuration.
Select the appropriate number [1-2] then [enter] (press âcâ to cancel): 2
Enhancement redirect was already set.
Enhancement redirect was already set.
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
The new certificate covers the following domains: https://dev-online.de and
https://www.dev-online.de
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=dev-online.de
https://www.ssllabs.com/ssltest/analyze.html?d=www.dev-online.de
IMPORTANT NOTES:
-
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/dev-online.de/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/dev-online.de/privkey.pem
Your cert will expire on 2020-06-30. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the âcertonlyâ option. To non-interactively renew all of
your certificates, run âcertbot renewâ -
Some rewrite rules copied from
/etc/apache2/plesk.conf.d/vhosts/dev-online.de.conf were disabled
in the vhost for your HTTPS site located at
/var/www/vhosts/system/dev-online.de/conf/httpd-le-ssl.conf because
they have the potential to create redirection loops. -
If you like Certbot, please consider supporting our work by:
Donating to ISRG / Letâs Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
My web server is (include version):
Apache/2.4.29 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 18.04.4 LTSâŹ
My hosting provider, if applicable, is:
1&1 IONOS
I can login to a root shell on my machine (yes or no, or I donât know):
Yes
Iâm using a control panel to manage my site (no, or provide the name and version of the control panel):
Not for this task â but Plesk Obsidian 18.0.25
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if youâre using Certbot):
certbot 0.27.0