How can I add a certificate for a subdomain?

I’m trying to use the same certificate from my conventional domain (my-site.com) on my subdomain (subdmain.my-site.com) via Nginx server, but what I noticed is that it doesn’t work. Why? My host is Hostinger and I generated the main certificate and key using Certbot. Now I have this subdomain and I need to add an SSL certificate on it. I tried to use openssl, but I haven’t see any CA generated (.crt). All I could see was the .csr and .key. The .csr, you know, is not recognized by the server as an authentic certificate. How can I add a certificate for this subdomain, too?

  1. certificates are for specific FQDNs

  2. A .csr is a Certificate Signing Request (only a request - not an actual certificate)

  1. Start by ignoring the fact that you already have (an unrelated) certificate.
    And proceed to get a cert for this FQDN as if it was completely new (because it is).

Sorry for my dumb question. Sometimes, it’s a bit confusing to me, as I am a newbie at it. But… You mean, I have to generate a different certificate for this subdomain, right? It’s because the certificate is registered based upon the domain name. Therefore, if I use a cert from another domain, for example, it simply won’t work, will it? Unless, I don’t create the subdomain and instead I create a subfolder inside the main domain… Is that so? All that being said, how can I generate a separate certificate for that said subdomain, once I tried it too, but it refused. I see the following message:

image

You are over complicating the “problem” / situation.
Each FQDN is unrelated to any other FQDN.

Forget that you already have a cert for any other domain.
If this new name is not on any cert, then you will need to get a cert for it.

There are many ways to get a cert.
The simplest is using an ACME client like: certbot
And using it with a web service like Apache or NGINX makes it easy to implement.
Otherwise you can always use the --webroot option [which will work with any web server].

I’m still confusing. Is there any tutorial on it you could recommend?

The Internet is filled with tutorials.
Some even via video.

I can’t personally recommend any; as I have not used any of them.
I would use certbot and start here (but I might have more experience that you with Linux/NGINX/Certbot):

After so many hours trying to install snapd, this is the message I get:

image

As I’m stuck at here, wouldn’t there be any other method?

Now I tried to use apt instead of snap, and all I had was:
image

In my /var/log/letsencrypt/letsencrypt.log, I see:

I also tried this, with no sucess: Certbot missing Apache plugin

I had made a mistake, by following the tutorial in Certbot missing Apache plugin and forgotten it’s not apache, and yes, nginx. But now I have another error:

image

And in my /var/log/letsencrypt/letsencrypt.log:

So you’re back where you started… :stuck_out_tongue:

Anyway, the extended ASCII character 0xB3 is an upperscript 3. It looks like your nginx configuration contains such a character and the nginx parser doesn’t seem to like it.

And how can I identify that character?

By reading the nano manual. It mentions the way to enter characters by byte code:

Characters not present on the keyboard can be entered in two ways:
• For characters with a single-byte code, pressing the Esc key twice and then typing a three-digit decimal number (from 000 to 255) will make nano behave as if you typed the key with that value.

That method worked for me: use Ctrl-W to search in the file; press Esc two times; type 179 (that’s the decimal number for hex 0xB3 and after typing in 179 you should see the superscript 3 in your nano search box; press the Enter key to search.

As I’m losing so much time with this, I will look for other alternatives…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.