How to use Let's Encrypt with subdomain on separate IP?

Could someone point me in the right direction.

I have domain A installed and working fine

It has a subdomain pointing to a different server and IP

How do I / can I issue a cert for this subdomain?

Obviously currently I get an error message, which is understandable.

Any help most welcome
best
Nick

Hello blue-earth.

You say you’ve got a separate server with a sub-domain? Is it part of the same domain or completely different? Also, what is the error you are getting?

Example. mywebsite.com and your sub-domain would be us.mywebsite.com?

If that’s the case, go onto the server and use any of the tools available, and it’ll create a certificate for you.

Thanks for your reply.

Yes it is as you have said: Example. mywebsite.com and your sub-domain would be us.mywebsite.com?

But the subdomain points to an IP on a different server.

Here is the error message. Which is happening I guess because of the different IP of the subdomain.

There was a problem processing your request

Error issuing certificate
Failed to issue certificate
The Let’s Encrypt HTTP challenge failed: acme error ‘urn:acme:error:unauthorized’: Invalid response from http://dms.thedreadnought.co.uk/.well-known/acme-challenge/uEEi39j6dPGYNigswtoUyxUI-kmN6cRUOwzh6CFpYDE: " <html xmlns=“http”

Let’s Encrypt expects you to prove control over the exact name you want a certificate for. So, the easiest way to arrange this for your subdomain will usually be to run the Certbot software (or whichever client you’ve chosen) on the server which serves that subdomain itself.

Does that make sense?

So they would need to be running the Let’s Encrypt software on their end, i.e. on the server that has the originating IP?

best
Nick

Let’s Encrypt also follows redirects. I believe you should be able to set a redirect on the sub-domain to point to the main server. This should also allow you to create a single certificate for both names, if you wish.

That’s the most common way to achieve your goal here. One way or another Let’s Encrypt will want to achieve confidence that whoever wants this certificate is controlling the exact name requested. When they run from the named machine, Certbot itself and other clients like acme.sh can usually easily arrange all that automatically. If it’s not possible to run such a client, there are other approaches, but you’d probably need to explain in more detail what’s going on so that people can suggest how to solve your specific problems.

Thanks for your answer. I am not sure where I would redirect to, as the subdomain is already pointing to the IP address on the other server. I can see what you are saying, but not sure how to implement it.
best
Nick

It depends on your webserver, but basically I would redirect/rewrite:

subdomain.com/.well-known/acme-challenge --> maindomain.com/.well-known/acme-challenge

A Guru may give you more detailed/more accurate info
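The redirect described in the two replies above, written out as an added example (not configuration posted by anyone in this thread). It assumes both machines run nginx, uses the thread's example names mywebsite.com and us.mywebsite.com, and assumes Certbot runs on the main server in webroot mode with /var/www/acme as the webroot; the document roots are placeholders.

```nginx
# Added example, not from the thread. Assumed: nginx on both servers,
# hypothetical names mywebsite.com (main) and us.mywebsite.com (subdomain),
# Certbot in webroot mode on the main server.

# --- on the server the subdomain's A record points to ------------------------
server {
    listen 80;
    server_name us.mywebsite.com;

    # Forward only the ACME HTTP-01 path. Let's Encrypt follows redirects
    # (to port 80 or 443 only), fetches the token from mywebsite.com, and the
    # validation for us.mywebsite.com succeeds there.
    location ^~ /.well-known/acme-challenge/ {
        return 302 http://mywebsite.com$request_uri;
    }

    # Everything else is still served from this machine as before.
    location / {
        root /var/www/us;   # placeholder path
    }
}

# --- on the main server ------------------------------------------------------
server {
    listen 80;
    server_name mywebsite.com;

    # Certbot's webroot plugin writes the challenge files below this directory.
    # "^~" makes this prefix win over the catch-all below, so the challenge is
    # never caught by the HTTPS redirect.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/acme;   # placeholder path; must match certbot -w
        default_type text/plain;
    }

    # Normal traffic goes to HTTPS; the challenge path above is exempt.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

With that in place, issuing one certificate covering both names from the main server is `certbot certonly --webroot -w /var/www/acme -d mywebsite.com -d us.mywebsite.com`. Before running it, check the redirect from outside with `curl -I http://us.mywebsite.com/.well-known/acme-challenge/test`: the response should be a 302 whose Location header points at the same path on mywebsite.com rather than an HTML error page like the one in the error message above. Note that the certificate is written on the main server, so the private key and chain still have to be copied to the subdomain's server (and that copy kept in sync on renewal) for HTTPS to work there.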
