Few subdomains - is port 80 required for each?

DeadlineX · January 19, 2020, 4:04am

Let’s say, I’ve got a domain like “mydomain.com”, and www.mydomain.com is its alias. I’ve installed certificate for www.mydomain.com and it works. I’ve added permanent redirection in mydomain.com to https://www.mydomain.com and it also works. My website has hrefs to subdomains like js.mydomain.com, img.mydomain.com, etc. Here is my question: should I create both port 80 and 443 hosts for each of these subdomains or port 443 would be enough? Please note, these subdomains are referred from my main site only, so I don’t expect, that anyone will type “http://img.mydomain.com” in his/her browser. Or is “http://” (i.e. port 80) necessary for search engines, etc.?

Also, what is better: either to issue separate certificate for each subdomain, or for all of them at once? And what will happen (what choice will be done) if I’ll type “–apache” in this case? Will I be asked by script or will it work somehow automatically?

Thank you.

P.S.
I’ve read this topic: Add new subdomain but it didn’t help me to understand it all at 100%, sorry.

JuergenAuer · January 19, 2020, 8:29am

Hi @DeadlineX

please read some basics:

So, if you want to use http validation, a working port 80 is required.

That’s your choice.

DeadlineX · January 19, 2020, 9:31am

Thank you for the reply,
Indeed, I’ve read the description yet before I began with Let’sEncrypt. May be I’ve forgot something… Nevertheless, I never created “/.well-known/acme-challenge/” subdirectory in the virtual host directory. Neither I edited the DNS TXT record, as I’ve got static IP. Then how it all could work? It works for one “root” domain now, so I’m considering to add another domain with few subdomains.
Should I create “/.well-known/acme-challenge/” subdirectories manually for each of my virtual hosts?
Am I understanding it correctly, that all I need to do is to create the pairs for both domain and each of its subdomains, pointing to the same document home subdirectory:
mydomain.com:80 ==> /mydomain/home
mydomain.com:443 ==> /mydomain/home
sub1.mydomain.com:80 ==> /mydomain/sub1
sub1.mydomain.com:443 ==> /mydomain/sub1
sub2.mydomain.com:80 ==> /mydomain/sub2
sub2.mydomain.com:443 ==> /mydomain/sub2
… etc…
then I can just run certbot --apache, and it will:

reinstall my existing certificate for “myexistingdomain.com”
create and install new certificates for the items, pointed above
Or will Certbot look at “myexistingdomain.com” certificate, check if it is not getting expired (really it isn’t), and leave it as is?

JuergenAuer · January 19, 2020, 10:19am

Please try it, then you know it.

If your configuration is clean, it may work. If your configuration is buggy, it may crash.

So I don’t know (and can’t know) the result.

system · February 18, 2020, 10:19am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.