How to use Let's Encrypt with subdomain on separate IP?

Could someone point me in the right direction.

I have domain A installed and working fine

It has a subdomain pointing to a different server and IP

How do I/ can I issue a cert for this subdomain.

Obviously currently I get an error message, which is understandable.

Any help most welcome

Hello blue-earth.

You say you’ve got a separate server with a sub-domain? is it part of the dame domain or completely different? Also what is the Error are you getting

Example. and your sub-domain would be

If that’s the case, go onto the server and use any of the tools available, and it’ll create certificate for you

Thanks for your reply.

Yes it is as you have said: Example. and your sub-domain would be

But the subdomain points to an IP on a different server.

Here is the error message. Which is happening I guess because of the different IP of the subdomain.

There was a problem processing your request

Error issuing certificate
Failed to issue certificate
The Let’s Encrypt HTTP challenge failed: acme error ‘urn:acme:error:unauthorized’: Invalid response from " <html xmlns=“http”

Let’s Encrypt expects you to prove control over the exact name you want a certificate for. So, the easiest way to arrange this for your subdomain will usually be to run the Certbot software (or whichever client you’ve chosen) on the server which serves that subdomain itself.

Does that makes sense?

So they would need to be running the lets encrypt software on their end I.E on the server that has the originating IP?


Let’s Encrypt also follows redirects. I believe you should be able to set a redirect on the sub-domain to point to the main server. This should also allow you to create a single certificate for both names, if you wish.

That’s the most common way to achieve your goal here. One way or another Let’s Encrypt will want to achieve confidence that whoever wants this certificate is controlling the exact name requested. When they run from the named machine Certbot itself and other clients like can usually easily arrange all that automatically. If it’s not possible to run such a client, there are other approaches, but you’d probably need to explain in more detail what’s going on so that people can suggest how to solve your specific problems.

Thanks for your answer. I am not sure where I would redirect to, as the subdomain is already pointing to the IP address on the on other server. I can see what you are saying, but not sure how to implement it

It depends on your webserver, but basically I would redirect/rewrite; -->

A Guru may give you more detailed/more accurate info

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.