I added three wildcard subdomains to the same server IP and tried to add the SSL. It worked for a few hours, but after that it stopped again and gave a connection error. So please help me.


#39

One thing I want to discuss with you is that we added SSL for two other subdomains, lite.skop.es and console.skop.es. For these 2 subdomains a -ssl.conf file exists, i.e. lite.skop.es-le-ssl.conf and console.skop.es-le-ssl.conf.
But for pasa.skop.es, rcsa.skop.es and cp2.skop.es there are no such files. So is this the reason or not?


#40

Schoen asked me to take a look at this.

What I think is going on here is you have a single virtual host in /etc/apache2/sites-available/lite.skop.es-le-ssl.conf that is serving pasa.skop.es and rcsa.skop.es (and maybe cp2.skop.es). This is because you have no other virtual hosts for these domains listening on port 443 and you have ServerAlias *.skop.es in your configuration file.

When you run certbot --apache -d subdomain.skop.es, you are asking Certbot to install a cert containing only the name subdomain.skop.es into the virtual host for that domain. Since this virtual host is shared between at least two domains when you do this, you are removing the existing certificate in the virtual host and replacing it with the one for subdomain.skop.es.

I have a few solutions for you depending on your preferences, listed in order of most to least recommended.

  1. If you are fine having multiple names in a single certificate and you don’t need your server to work for arbitrary subdomains like abc.skop.es, you should include multiple domains on the command line. For example, if the two domains you’re having trouble with are pasa.skop.es and rcsa.skop.es you should run sudo certbot --apache -d pasa.skop.es,rcsa.skop.es`.
  2. If you don’t want multiple names in a single certificate and you don’t need your server to work for arbitrary subdomains like abc.skop.es, you should delete the line ServerAlias *.skop.es from your Apache configuration and run both sudo certbot --apache -d pasa.skop.es and sudo certbot --apache -d rcsa.skop.es again.
  3. If you need your server to work for arbitrary subdomains, you’ll need to obtain a wildcard certificate. It is strongly recommended not to do this unless you need it, which, based on the information I have, I don’t think you do.

I hope this helps!


#41

So thanks for the precious replies. So if I follow the first option and want to add three subdomains, then I need to run the command below:
sudo certbot --apache -d cp2.skop.es,pasa.skop.es,rcsa.skop.es`.

Please confirm.

Also, my main requirement is to get wildcard subdomain certificates. So should I follow this: Getting wildcard certificates with Certbot
Please confirm


#42

Without the backtick character (`) — that was a typo in @bmw’s reply. It was supposed to look like

sudo certbot --apache -d cp2.skop.es,pasa.skop.es,rcsa.skop.es

Yes. You’ll need a way to update your DNS records via an API.


#43

OK, thanks.

If I try the first option:
sudo certbot --apache -d cp2.skop.es,pasa.skop.es,rcsa.skop.es
then I get the error below:
“Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.”

So currently cp2 and pasa are working, but rcsa.skop.es is not working on https.


#44

This is described at


#45

Thanks, I have tried it but it is still not working. rcsa.skop.es is not working on SSL.


#46

Also, if I try the third option, the wildcard certificate, then I get an issue with the TXT value of the domain. I am adding the TXT value as instructed, but it is not working. It is not fetching the TXT value from the domain and says it is wrong.
URL - Getting wildcard certificates with Certbot
I ran this command - ./certbot-auto certonly --manual -d *.mytaxlogin.com -d mytaxlogin.com --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
It runs fine, but at the end it does not accept the TXT value I add in the domain account.


#47

Currently I am trying with another server of mine to test. This test server’s domain is mytaxlogin and its wildcard * is pointed to the same IP.


#48

In each case, what command did you run and what was the output from the command?


#49

For wildcard certificates I ran the command below:

./certbot-auto certonly --manual -d *.mytaxlogin.com -d mytaxlogin.com --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

Output: it asked for a TXT value to add. I added it in the domain account site and then pressed Enter to continue. It then gave me an error that the TXT value found is wrong.


#50

Please paste the actual output from the command here.


#51

Please help me, what is the exact issue?


#52

I’m working on a change to the software to make this more explicit, but both TXT records need to exist in the DNS zone at the same time, not just one or the other.


#53

OK, thanks for that. So you mean two TXT records need to be added:
One with the name _acme-challenge.mytaxlogin.com and
the other with the name _acme-challenge.*.mytaxlogin.com

I think both will have the same value. Please confirm this for me.


#54

No, both of the TXT records have exactly the same name, _acme-challenge.mytaxlogin.com. They just have different values.


#55

Thanks for the reply. But I created same-name TXT records with two different values as asked in the process, and I am still not able to do it. It is giving an error:
http://rtracsystem.com/screens/error.txt

So please help me


#56

Also, you can see I added the TXT records as follows:


#57

So please help me and reply, as we have an urgent requirement for this SSL.


#58

Hi @ervivekmahajan,

Keep in mind this is a forum not a chat.

Are you sure you waited long enough until both authoritative name servers answered with both TXT records before pressing Enter to continue and validate the domains?

Cheers,
sahsanu
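The check sahsanu is asking about in #58 (and the point made in #52 and #54: two TXT records with the same name, _acme-challenge.mytaxlogin.com, one value per name being validated) can be automated before pressing Enter in the `--manual` flow. The script below is an added example, not part of this thread or of Certbot: it asks every authoritative name server of the domain for the `_acme-challenge` TXT records with `dig` and reports which expected values are still missing on which server. The parsing and comparison logic is separated from the network calls and exercised with constructed `dig +short` output (the server names `ns1.example.net`/`ns2.example.net` and the token strings are made up for illustration).

```python
"""Verify that every authoritative name server publishes all ACME dns-01 TXT values.

Added example (not Certbot's own code). Assumes `dig` is installed for the live check;
the parsing/comparison functions work offline on captured `dig +short` output.
"""
import shlex
import subprocess
import sys
from typing import Dict, Iterable, List, Set


def parse_dig_short_txt(output: str) -> Set[str]:
    """Turn the stdout of `dig +short TXT <name>` into the set of TXT record values.

    dig prints one record per line as quoted strings, e.g. "abc" or, for a record
    split into several character-strings, "part1" "part2"; the pieces are joined.
    """
    values: Set[str] = set()
    for line in output.splitlines():
        line = line.strip()
        if line:
            values.add("".join(shlex.split(line)))
    return values


def missing_values(answers: Dict[str, Iterable[str]],
                   expected: Iterable[str]) -> Dict[str, List[str]]:
    """Per server, the expected values it does not return yet (empty dict = all good)."""
    wanted = set(expected)
    result: Dict[str, List[str]] = {}
    for server, values in answers.items():
        gap = wanted - set(values)
        if gap:
            result[server] = sorted(gap)
    return result


def missing_from_outputs(outputs: Dict[str, str],
                         expected: Iterable[str]) -> Dict[str, List[str]]:
    """Same as missing_values, but starting from raw `dig +short` output per server."""
    return missing_values({s: parse_dig_short_txt(o) for s, o in outputs.items()}, expected)


def ready_to_continue(outputs: Dict[str, str], expected: Iterable[str]) -> bool:
    """True only when every server answers with every expected value at the same time."""
    return not missing_from_outputs(outputs, expected)


# Constructed sample output (not captured from real servers): the second server has
# not published the second record yet, which is exactly the state that makes the
# wildcard + apex validation fail when Enter is pressed too early.
SAMPLE_OUTPUTS = {
    "ns1.example.net": '"tokenAAAA"\n"tokenBBBB"\n',
    "ns2.example.net": '"tokenAAAA"\n',
}
SAMPLE_EXPECTED = ["tokenAAAA", "tokenBBBB"]


def _dig_short(rrtype: str, name: str, server: str = "") -> str:
    """Run `dig +short <type> <name> [@server]` and return its stdout (network access)."""
    cmd = ["dig", "+short", rrtype, name] + (["@" + server] if server else [])
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout


def live_check(domain: str, expected: Iterable[str]) -> Dict[str, List[str]]:
    """Query each authoritative NS of `domain` for _acme-challenge TXT and diff against expected."""
    name = "_acme-challenge." + domain
    servers = [s.strip().rstrip(".") for s in _dig_short("NS", domain).splitlines() if s.strip()]
    outputs = {s: _dig_short("TXT", name, s) for s in servers}
    return missing_from_outputs(outputs, expected)


if __name__ == "__main__":
    # Usage: python check_acme_txt.py mytaxlogin.com <value-for-apex> <value-for-wildcard>
    if len(sys.argv) < 3:
        sys.exit("usage: check_acme_txt.py DOMAIN VALUE [VALUE ...]")
    gaps = live_check(sys.argv[1], sys.argv[2:])
    for server, values in gaps.items():
        print(f"{server}: still missing {values}")
    print("all authoritative servers answer with all values" if not gaps
          else "do NOT press Enter yet")
```

Run it in a second terminal while Certbot is waiting, and only continue once it reports that every authoritative server returns both values; Let's Encrypt may query any of them, so one lagging server is enough to make the validation fail intermittently.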