Let’s say I’ve got a domain like “mydomain.com”, and www.mydomain.com is its alias. I’ve installed a certificate for www.mydomain.com and it works. I’ve added a permanent redirection in mydomain.com to https://www.mydomain.com and it also works. My website has hrefs to subdomains like js.mydomain.com, img.mydomain.com, etc. Here is my question: should I create both port 80 and 443 hosts for each of these subdomains, or would port 443 be enough? Please note, these subdomains are referred to from my main site only, so I don’t expect that anyone will type “http://img.mydomain.com” in his/her browser. Or is “http://” (i.e. port 80) necessary for search engines, etc.?
Also, what is better: to issue a separate certificate for each subdomain, or for all of them at once? And what will happen (what choice will be made) if I type “--apache” in this case? Will I be asked by the script or will it work somehow automatically?
Thank you.
P.S.
I’ve read this topic: Add new subdomain but it didn’t help me to understand it all at 100%, sorry.
Thank you for the reply,
Indeed, I’d read the description before I began with Let’s Encrypt. Maybe I’ve forgotten something… Nevertheless, I never created a “/.well-known/acme-challenge/” subdirectory in the virtual host directory. Nor did I edit the DNS TXT record, as I’ve got a static IP. Then how could it all work? It works for one “root” domain now, so I’m considering adding another domain with a few subdomains.
Should I create “/.well-known/acme-challenge/” subdirectories manually for each of my virtual hosts?
Am I understanding it correctly, that all I need to do is to create the pairs for both domain and each of its subdomains, pointing to the same document home subdirectory:
mydomain.com:80 ==> /mydomain/home
mydomain.com:443 ==> /mydomain/home
sub1.mydomain.com:80 ==> /mydomain/sub1
sub1.mydomain.com:443 ==> /mydomain/sub1
sub2.mydomain.com:80 ==> /mydomain/sub2
sub2.mydomain.com:443 ==> /mydomain/sub2
… etc…
then I can just run certbot --apache, and it will:
create and install new certificates for the items, pointed above
Or will Certbot look at “myexistingdomain.com” certificate, check if it is not getting expired (really it isn’t), and leave it as is?