Existing certificate for different web site falls off when new one is set up

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: yorklearning.org.uk

I ran this command: wacs (to create new certificate for new subdomain site)

It produced this output: (no errors)

My web server is (include version): iis 10

The operating system my web server runs on is (include version): Windows 2016

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): wacs 2.1 (Dec 2019 version)

So we are creating a handful of ssl web sites to point at specific pages of the parent site. Using SNI and a single cert per site.
The server handles around a dozen sites at present, but most times we add a new certificate, book.yorklearning.org.uk looses its certificate (has to be added back each time, then ok).

Any ideas?

Hi @Goatie … Doodling around I came across this:

whois book.yorklearning.org.uk

Error for “book.yorklearning.org.uk”.

This domain cannot be registered because it contravenes the Nominet UK naming rules. The reason is: the domain name contains too many parts.

This document states:

For a combination of policy and continuing technical reasons the Characters “com” and “uk” shall not be permitted as an SLD or a Third Level Domain within co.uk, me.uk, org.uk or net.uk.

This may be mute now in 2020, but different registrars have their own rules on what can and cant be registered. And I am certainly not an expert on this. @schoen or @rg305 or @JuergenAuer may be able to shed a brighter light on this… May not have anything to do with your issue, but this is where I’d start researching.

I hope this at least gives some food for thought.
Rip

not registering this as a domain. We have any number of subdomains under the various domains we run.

Hi @Goatie

share a screenshot of that binding.

Sounds like the required host name or the checked SNI-box is missing.

PS: Hi @Rip

it’s a registered subdomain, so the domain name is ok.

2 Likes

Ah - thanks - the SNI box was missed! Sometimes you think its clicked and its not.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.