Generate letsencrypt ssl for subdomain if the main domain is on another server


If someone can help me please with this (I also asked here the question):

Hi @calin24

Generate letsencrypt ssl for subdomain if the main domain is on another server

In general, that's not a problem. But that's not your question, your title is incomplete.

In your case, it's a problem. Because you have different providers, one with Plesk.

It's always terrible to mix control panels like Plesk with standalone ACME clients like Certbot.

Especially if you have different providers, your A may be shared hosting.

@JuergenAuer so you are saying it will not work if I generate a wildcard SSL on VPS_B and put it also on VPS_A (import in Plesk)?

But why does provider A ask me to generate a wildcard on this VPS_B?

But if I generate in Plesk a letsencrypt for will be ok? Or do I have to buy a new SSL for this subdomain?

The Laravel app that is on VPS_B, when sending emails, was giving me errors like:

    stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
    error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

because the ssl was expired.

Provider A gives me another url for the emails ..... but again something is not ok

    stream_socket_enable_crypto(): Peer certificate CN=`dns10.....' did not match expected CN=`'

And that's why he said to generate a wildcard SSL on VPS_B and give him the SSL to install also on VPS_A.

Why do you think that?

It will work, but it requires manual actions. Every 60 - 85 days, that's not how Letsencrypt is intended.

And if the IP of your subdomain points to hoster A, hoster A should be able to create a certificate with that subdomain name, without a wildcard.

Please read required basics:

@JuergenAuer thank you.

I will insist that provider A generate the SSL on .... because anyway it is administered by them.

I only made changes in DNS zone like I said..... to point the web app to another VPS_B (and here I installed letsencrypt for -d -d

I generated after all an ssl for the also.

I am not sure if I proceeded correctly:

  1. list certificates on the VPS_B

     sudo certbot certificates
     Found the following certs:
     Certificate Name:
     Expiry Date: 2021-06-20 13:16:48+00:00 (VALID: 87 days)
     Certificate Path: /etc/letsencrypt/live/
     Private Key Path: /etc/letsencrypt/live/
  2. Revoked the current certificate and deleted it:

    sudo certbot revoke --cert-name

  3. stopped the apache2 server - because of the errors - forgot to remove the config ssl files (-le-ssl.conf) from sites-available and sites-enabled => then restart the apache2 server

  4. generated manually and verified with the dns (txt entry for the ->

    sudo certbot -d -d -d --manual --preferred-challenges dns certonly

  5. I generated again with apache - because I didn't know how to set it automatically in apache

    sudo certbot --apache -d -d

Here it generates another ssl with name:
  6. Changed the cert path in

to use the /etc/letsencrypt/live/ not the /etc/letsencrypt/live/

  7. Revoke and delete cert-name=

  8. Restart the apache server

The website is secured. The SSL now also has the included.

Probably after 90 days I have to generate it again and send it to provider to change it in plesk for VPS_A
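
The two failures reported in this thread (an expired certificate and a certificate issued for a different host name) can be caught before mail breaks by checking each server's certificate against the name clients connect to. The following is an added example, not code posted by anyone in the thread; it takes a dict in the shape returned by Python's `ssl.getpeercert()`. The `example.com` and `provider-a.example` names and both certificates are constructed placeholders, and only the expiry timestamp is taken from the `certbot certificates` listing above.

```python
import ssl
from datetime import datetime, timezone

# Constructed samples in the dict shape returned by ssl.getpeercert().
# Host names are placeholders; notAfter reuses the expiry from the listing above.
WILDCARD_CERT = {
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
    "notAfter": "Jun 20 13:16:48 2021 GMT",
}
PROVIDER_CERT = {  # certificate issued for the hoster's own server name
    "subjectAltName": (("DNS", "host.provider-a.example"),),
    "notAfter": "Jun 20 13:16:48 2021 GMT",
}

def name_matches(pattern, host):
    """RFC 6125 matching: '*' may only stand for the entire leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans dots or covers the bare domain
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(cert, host, now, renew_days=30):
    """Return the problems a TLS client connecting to `host` hits now or soon."""
    problems = []
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(san, host) for san in sans):
        problems.append("name-mismatch")  # the "did not match expected CN" case
    expiry = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expiry - now).days
    if days_left < 0:
        problems.append("expired")  # the cause given for "certificate verify failed"
    elif days_left < renew_days:
        problems.append("renew-soon")  # reissue and re-import on the other server
    return problems

if __name__ == "__main__":
    today = datetime(2021, 5, 25, tzinfo=timezone.utc)  # constructed date
    for host in ("example.com", "app.example.com", "a.b.example.com"):
        print(host, diagnose(WILDCARD_CERT, host, today))
    print("mail.example.com", diagnose(PROVIDER_CERT, "mail.example.com", today))
```

Run against a manually imported copy of the certificate, the `renew-soon` result is the signal to repeat the manual reissue and import before clients start failing.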
