Why does a generated certificate for a subdomain show an ERR_CERT_COMMON_NAME_INVALID error in the browser when the root domain is on another server, and only work when I include the subdomain in another domain's certificate?
The issue will be that on server B you used a slightly different command when you first got your certificates, and you included all the required names. Try typing history to get a list of all commands you have recently run to see what you ran last time.
You can "expand" the list of domains to include on your certificate using certbot --expand -d existing.com,example.com,newdomain.com
Why do two servers have certificates for the same domains? Are you load balancing the site between two servers?
Server A hosts the root domain example.com
Server B hosts a totally different site, but I want to use a subdomain of example.com, which is x.example.com
No load balancing though.
Do I have to include example.com in Server B? certbot certonly --cert-name x.example.com -d x.example.com -d example.com -d www.example.com
Yeah, probably when installing the root cert on Server A I used a different command.
By the way, is the certificate generated for multiple different domains (domain.com,x.example.com) legit? Because when I go to x.example.com, the browser shows the certificate is for domain.com, but otherwise no error.
Different servers running different services (via different subdomains) don't need to share any certificate information. No, server B running something.example.com doesn't need to include example.com in its cert.
So you can have one server running www.example.com and a completely different one running example.com, with completely independent certificates. Or, they could be hosted on the same machine with one cert covering both names, up to you.
So the fact that something is a subdomain of something else pretty much doesn't matter, you can treat them separately.
Assuming you are using HTTP validation, each domain requires validation, which requires each server to respond with a very specific challenge response each time you renew the cert, so a server will generally only renew its own certs for the name(s) it uses.
Some browsers (Chrome) treat www.example.com and example.com as valid even if the cert is just for example.com (I think). Other browsers will say invalid name if you try to deviate at all from exactly what's on the certificate. A Let's Encrypt certificate can include up to 100 domains and subdomains in one cert.
You can also create wildcard certs *.example.com which cover any subdomain 1 level deep, but you need to use DNS validation instead of http validation for that.
On server B I noticed the x.example.com subdomain was included in domain.com's cert, so I tried to separate them by removing x.example.com from domain.com with certbot certonly --cert-name domain.com -d domain.com -d www.domain.com
then creating a new certonly for x.example.com with certbot certonly --cert-name x.example.com -d x.example.com, but it isn't getting used (hence the Chrome error).
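A way to check which names the certificate served for x.example.com actually covers, as an added example that is not part of the thread. It uses simplified RFC 6125-style matching; the function names and the SAN lists in the demo are constructed for illustration.

```python
import socket
import ssl


def name_matches(hostname, pattern):
    """Match one SAN dNSName entry against a hostname (simplified RFC 6125 rules)."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # a wildcard never spans more than one label
    if pat[0] == "*":
        # The wildcard stands for exactly one left-most label; "*.com" is refused.
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def covering_sans(hostname, sans):
    """Return the SAN entries that cover hostname; an empty list means a name error."""
    return [s for s in sans if name_matches(hostname, s)]


def presented_sans(hostname, port=443, timeout=5):
    """Fetch the DNS SANs of the certificate the server selects for this SNI name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # still verify the chain, but show the cert on a name mismatch
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    # Constructed SAN lists mirroring the thread, not real certificate data.
    scenarios = {
        "domain.com cert after removing the subdomain": ["domain.com", "www.domain.com"],
        "domain.com cert that still lists the subdomain": ["domain.com", "www.domain.com", "x.example.com"],
        "wildcard cert": ["*.example.com"],
    }
    for label, sans in scenarios.items():
        print(label, "->", covering_sans("x.example.com", sans) or "NAME MISMATCH")
    # Against a live server: print(presented_sans("x.example.com"))
```

If `presented_sans` returns only the domain.com names, the web server's virtual host for x.example.com is still configured with the domain.com certificate files rather than the new x.example.com lineage.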