Few subdomains - is port 80 required for each?

Let’s say I’ve got a domain like “mydomain.com”, and www.mydomain.com is its alias. I’ve installed a certificate for www.mydomain.com and it works. I’ve added permanent redirection in mydomain.com to https://www.mydomain.com and it also works. My website has hrefs to subdomains like js.mydomain.com, img.mydomain.com, etc. Here is my question: should I create both port 80 and port 443 hosts for each of these subdomains, or would port 443 be enough? Please note, these subdomains are referred to from my main site only, so I don’t expect that anyone will type “http://img.mydomain.com” in his/her browser. Or is “http://” (i.e. port 80) necessary for search engines, etc.?

Also, what is better: to issue a separate certificate for each subdomain, or one for all of them at once? And what will happen (what choice will be made) if I type “--apache” in this case? Will I be asked by the script, or will it work somehow automatically?

Thank you.

P.S.
I’ve read this topic: Add new subdomain but it didn’t help me to understand it all at 100%, sorry.

Hi @DeadlineX

please read some basics:

So, if you want to use http validation, a working port 80 is required.

That's your choice.

Thank you for the reply,
Indeed, I had already read the description before I began with Let’s Encrypt. Maybe I’ve forgotten something… Nevertheless, I never created a “/.well-known/acme-challenge/” subdirectory in the virtual host directory. Nor did I edit the DNS TXT record, as I’ve got a static IP. Then how could it all work? It works for one “root” domain now, so I’m considering adding another domain with a few subdomains.
Should I create “/.well-known/acme-challenge/” subdirectories manually for each of my virtual hosts?
Am I understanding it correctly, that all I need to do is to create the pairs for both domain and each of its subdomains, pointing to the same document home subdirectory:
mydomain.com:80 ==> /mydomain/home
mydomain.com:443 ==> /mydomain/home
sub1.mydomain.com:80 ==> /mydomain/sub1
sub1.mydomain.com:443 ==> /mydomain/sub1
sub2.mydomain.com:80 ==> /mydomain/sub2
sub2.mydomain.com:443 ==> /mydomain/sub2
… etc…
then I can just run certbot --apache, and it will:

  1. reinstall my existing certificate for “myexistingdomain.com”
  2. create and install new certificates for the items, pointed above

Or will Certbot look at “myexistingdomain.com” certificate, check if it is not getting expired (really it isn’t), and leave it as is?

Please try it, then you know it.

If your configuration is clean, it may work. If your configuration is buggy, it may crash.

So I don’t know (and can’t know) the result.
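
As an added example (not part of any post in this thread, and not Certbot's own code): a small Python check that reads an Apache configuration and lists the host names that have no port 80 virtual host, which the reply above says HTTP validation needs. The configuration text is constructed, using the placeholder names from the question, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not taken from the poster's server).
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    DocumentRoot /mydomain/home
</VirtualHost>
<VirtualHost *:443>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    DocumentRoot /mydomain/home
</VirtualHost>
<VirtualHost *:80>
    ServerName sub1.mydomain.com
    DocumentRoot /mydomain/sub1
</VirtualHost>
<VirtualHost *:443>
    ServerName sub1.mydomain.com
    DocumentRoot /mydomain/sub1
</VirtualHost>
# sub2 is deliberately left with a port 443 vhost only
<VirtualHost *:443>
    ServerName sub2.mydomain.com
    DocumentRoot /mydomain/sub2
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+[^>]*?:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)

def ports_by_name(conf):
    """Map each ServerName/ServerAlias to the set of ports it has a vhost on."""
    ports = defaultdict(set)
    for port, body in VHOST_RE.findall(conf):
        for names in NAME_RE.findall(body):
            for name in names.split():
                ports[name.lower()].add(int(port))
    return dict(ports)

def missing_port_80(conf):
    """Host names that are configured somewhere but have no port 80 vhost."""
    return sorted(n for n, p in ports_by_name(conf).items() if 80 not in p)

if __name__ == "__main__":
    for name in missing_port_80(SAMPLE_CONF):
        print(f"{name}: no port 80 vhost; HTTP validation needs a working port 80")
```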
