Hello,
If someone can help me please with this (I also asked here the question):
Hi @calin24
Generate letsencrypt ssl for subdomain if the main domain is on another server
in general, that's not a problem. But that's not your question, your title is incomplete.
In your case, it's a problem. Because you have different providers, one with plesk.
It's always terrible to mix control panels like Plesk with standalone - ACME-clients like Certbot.
Especially if you have different providers, your A may be shared hosting.
@JuergenAuer so you are saying it will not work if I generate a wildcard ssl on VPS_B and put it also on VPS_A (import in plesk)?
But why does provider A ask me to generate a wildcard on this VPS_B?
But if I generate in plesk a letsencrypt for mail.my-domain.com, will it be ok? Or do I have to buy a new ssl for this subdomain mail.my-domain.com?
The laravel app that is on VPS_B when sending emails - was giving me errors like:
stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
because the mail.my-domain.com ssl was expired.
Provider A gives me another url for the emails ..... but again something is not ok
stream_socket_enable_crypto(): Peer certificate CN=`dns10.....' did not match expected CN=`mail.my-domain.com'
And that's why he said to generate a wildcard ssl on VPS_B and give him the ssl to install also on VPS_A
Why do you think that?
It will work, but it requires manual actions. Every 60 - 85 days, that's not how Letsencrypt is intended.
And if the ip of your subdomain points to hoster A, hoster A should be able to create a certificate with that subdomain name, without a wildcard.
Please read required basics:
@JuergenAuer thank you.
I will insist that provider A generate an ssl for mail.my-domain.com .... because anyway it is administrated by them.
I only made changes in DNS zone like I said..... to point the web app to another VPS_B (and here I installed letsencrypt for -d mydomain.com -d www.my-domain.com)
I generated after all an ssl for the mail.my-domain.com also.
I am not sure if I proceeded correctly:
list certificates on the VPS_B
sudo certbot certificates
Found the following certs:
Certificate Name: my-domain.com
Domains: my-domain.com www.my-domain.com
Expiry Date: 2021-06-20 13:16:48+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/my-domain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/my-domain.com/privkey.pem
Revoke the current certificate and delete it:
sudo certbot revoke --cert-name my-domain.com
stopped the apache2 server - because of the errors - forgot to remove the config ssl files (-le-ssl.conf) from sites-available and sites-enabled => then restart the apache2 server
generated manually and verified with the dns (txt entry for the mail.my-domain.com) -> _acme-challenge.mail.my-domain.com
sudo certbot -d my-domain.com -d www.my-domain.com -d mail.my-domain.com --manual --preferred-challenges dns certonly
I generated again with apache - because I didn't know how to set it automatically in apache
sudo certbot --apache -d my-domain.com -d www.my-domain.com
Here it generates another ssl with name:
my-domain.com-0001
my-domain.com-le-ssl.conf
to use the /etc/letsencrypt/live/my-domain.com/ not the /etc/letsencrypt/live/my-domain.com-0001/
Revoke and delete cert-name= my-domain.com-0001
Restart the apache server
The website is secured. The ssl now also has the main.my-domain.com included.
Probably after 90 days I have to generate it again and send it to provider to change it in plesk for VPS_A
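Added example (not part of the thread and not certbot's own code): a check over `certbot certificates` output that reports which lineage covers each hostname the web server and mail client need, using the one-label wildcard rule that TLS clients apply when they compare a certificate name to the expected host. The sample listing, the fixed "today" date and the `renew_days` threshold are constructed assumptions modelled on the listing above.

```python
from datetime import datetime, timezone

# Constructed sample modelled on the `certbot certificates` listing in the thread.
SAMPLE = """\
Found the following certs:
  Certificate Name: my-domain.com
    Domains: my-domain.com www.my-domain.com mail.my-domain.com
    Expiry Date: 2021-06-20 13:16:48+00:00 (VALID: 87 days)
  Certificate Name: my-domain.com-0001
    Domains: my-domain.com www.my-domain.com
    Expiry Date: 2021-06-20 14:02:10+00:00 (VALID: 87 days)
"""

def parse_lineages(text):
    """Return {lineage name: {"domains": [...], "expiry": datetime}}."""
    lineages, current = {}, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Certificate Name":
            current = lineages.setdefault(value, {"domains": [], "expiry": None})
        elif current is not None and key == "Domains":
            current["domains"] = value.lower().split()
        elif current is not None and key == "Expiry Date":
            # Drop the trailing "(VALID: N days)" note and parse the timestamp.
            current["expiry"] = datetime.fromisoformat(value.split(" (")[0])
    return lineages

def name_matches(pattern, host):
    """A '*' in a certificate name covers exactly one left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def coverage(lineages, required, now, renew_days=30):
    """Map each required host to lineages that cover it and are not near expiry."""
    return {
        host: sorted(
            name for name, info in lineages.items()
            if any(name_matches(d, host) for d in info["domains"])
            and (info["expiry"] - now).days > renew_days)
        for host in required
    }

if __name__ == "__main__":
    now = datetime(2021, 3, 25, tzinfo=timezone.utc)  # constructed "today"
    required = ["my-domain.com", "www.my-domain.com", "mail.my-domain.com"]
    for host, names in coverage(parse_lineages(SAMPLE), required, now).items():
        print(f"{host:22} -> {', '.join(names) or 'NOT COVERED'}")
```

A host that lists two lineages points at a duplicate such as `my-domain.com-0001`; a host with none is the case that produces the verify or name-mismatch errors quoted earlier.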