I’m trying to use the same certificate from my conventional domain (my-site.com) on my subdomain (subdmain.my-site.com) via Nginx server, but what I noticed is that it doesn’t work. Why? My host is Hostinger and I generated the main certificate and key using Certbot. Now I have this subdomain and I need to add an SSL certificate on it. I tried to use openssl, but I haven’t see any CA generated (.crt). All I could see was the .csr and .key. The .csr, you know, is not recognized by the server as an authentic certificate. How can I add a certificate for this subdomain, too?
certificates are for specific FQDNs
A .csr is a Certificate Signing Request (only a request - not an actual certificate)
- Start by ignoring the fact that you already have (an unrelated) certificate.
And proceed to get a cert for this FQDN as if it was completely new (because it is).
Sorry for my dumb question. Sometimes, it’s a bit confusing to me, as I am a newbie at it. But… You mean, I have to generate a different certificate for this subdomain, right? It’s because the certificate is registered based upon the domain name. Therefore, if I use a cert from another domain, for example, it simply won’t work, will it? Unless, I don’t create the subdomain and instead I create a subfolder inside the main domain… Is that so? All that being said, how can I generate a separate certificate for that said subdomain, once I tried it too, but it refused. I see the following message:
You are over complicating the “problem” / situation.
Each FQDN is unrelated to any other FQDN.
Forget that you already have a cert for any other domain.
If this new name is not on any cert, then you will need to get a cert for it.
There are many ways to get a cert.
The simplest is using an ACME client like:
And using it with a web service like Apache or NGINX makes it easy to implement.
Otherwise you can always use the
--webroot option [which will work with any web server].
I’m still confusing. Is there any tutorial on it you could recommend?
The Internet is filled with tutorials.
Some even via video.
I can’t personally recommend any; as I have not used any of them.
I would use
certbot and start here (but I might have more experience that you with Linux/NGINX/Certbot):
After so many hours trying to install snapd, this is the message I get:
As I’m stuck at here, wouldn’t there be any other method?
Now I tried to use apt instead of snap, and all I had was:
In my /var/log/letsencrypt/letsencrypt.log, I see:
I also tried this, with no sucess: Certbot missing Apache plugin
I had made a mistake, by following the tutorial in Certbot missing Apache plugin and forgotten it’s not apache, and yes, nginx. But now I have another error:
And in my /var/log/letsencrypt/letsencrypt.log:
So you’re back where you started…
Anyway, the extended ASCII character 0xB3 is an upperscript 3. It looks like your nginx configuration contains such a character and the nginx parser doesn’t seem to like it.
And how can I identify that character?
By reading the nano manual. It mentions the way to enter characters by byte code:
Characters not present on the keyboard can be entered in two ways:
• For characters with a single-byte code, pressing the Esc key twice and then typing a three-digit decimal number (from 000 to 255) will make nano behave as if you typed the key with that value.
That method worked for me: use Ctrl-W to search in the file; press Esc two times; type
179 (that’s the decimal number for hex 0xB3 and after typing in 179 you should see the superscript 3 in your nano search box; press the Enter key to search.
As I’m losing so much time with this, I will look for other alternatives…