Can someone help me with this please? I am using certbot on manual mode and already got a certificate to work with one domain but when I try to include more subdomains it will only work for one.
My domain registrar and web hosting provider is GoDaddy by the way. (Yes, I know it's not the best for these situations, but I do know it's possible).
In what way does it stop working? Error messages and screenshots would be helpful here.
The basic way to request multiple domains on a single certificate is just to list them like:
certbot certonly --manual -d example.com -d www.example.com -d example.org
To help you further than that, we need more information about where you're running into trouble.
Welcome to the Let's Encrypt Community, Lorenzo
Following what @_az has advised should get you going. If you should run into any GoDaddy specific issues (especially with cPanel), I'm happy to help as I've probably run into them myself at some point.
Sorry, I forgot to include that, I'll run it one more time since it takes a bit and I'll paste the output here!
You can also do this:
-d "domain.com,www.domain.com"
like:
certbot certonly --manual --preferred-challenges dns -d "example.com,www.example.com" --keep
Oh, also another heads up before I post the output here, even though one domain is certified with Let's Encrypt, it still shows as insecure, the domain in question that I'm talking about here is this one: lorenzobloedow.com (ignore the silly website, I'm still just setting it up lol)
Did you remember to click install once you saved the certificate in cPanel?
It looks like you did.
Make sure to go to the Domains section in cPanel, click Domains, expand the section for your domain, then toggle "Force HTTPS Redirect" on.
One second, I'm now generating a new cert for all the domains.
Challenge failed for domain autodiscover.lorenzobloedow.com
Challenge failed for domain cpanel.lorenzobloedow.com
Challenge failed for domain cpcalendars.lorenzobloedow.com
Challenge failed for domain cpcontacts.lorenzobloedow.com
Challenge failed for domain webdisk.lorenzobloedow.com
Challenge failed for domain webmail.lorenzobloedow.com
http-01 challenge for autodiscover.lorenzobloedow.com
http-01 challenge for cpanel.lorenzobloedow.com
http-01 challenge for cpcalendars.lorenzobloedow.com
http-01 challenge for cpcontacts.lorenzobloedow.com
http-01 challenge for webdisk.lorenzobloedow.com
http-01 challenge for webmail.lorenzobloedow.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: autodiscover.lorenzobloedow.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for
autodiscover.lorenzobloedow.com - check that a DNS record exists
for this domain
Domain: cpcalendars.lorenzobloedow.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for
cpcalendars.lorenzobloedow.com - check that a DNS record exists for
this domain
Domain: cpcontacts.lorenzobloedow.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for
cpcontacts.lorenzobloedow.com - check that a DNS record exists for
this domain
Domain: webmail.lorenzobloedow.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for
webmail.lorenzobloedow.com - check that a DNS record exists for
this domain
- The following errors were reported by the server:
Domain: cpanel.lorenzobloedow.com
Type: unauthorized
Detail: Invalid response from
https://cpanel.lorenzobloedow.com/.well-known/acme-challenge/-MCUP43vU0sqmxItSrul42dOMt0HWH4ojmz9SqGCq2U
[50.62.141.184]: "\n<!DOCTYPE html>\n<html lang=\"en\"
dir=\"ltr\">\n<head>\n <meta http-equiv=\"Content-Type\"
content=\"text/html; charset=utf-8\" />\n "
Domain: webdisk.lorenzobloedow.com
Type: unauthorized
Detail: Invalid response from
https://webdisk.lorenzobloedow.com/.well-known/acme-challenge/c3Ue1U0bbLZKk7N0iqcFOE8QtewPvXju4o_-ZKgZnok
[50.62.141.184]: 401
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Here you go, sorry for taking too long, I'm really busy.
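Output like the block above is easier to act on once each failed name is sorted by cause: a "dns" record with NXDOMAIN means the name does not resolve at all, while an "unauthorized" record whose bracketed address is not your own server means another host answered the http-01 request, so validating from your machine cannot succeed. The following is an added example (not from the thread and not certbot's code) that parses certbot's Domain/Type/Detail records, buckets the names that way and builds the retry command for the ones expected to pass. The sample notes are constructed from the thread's output with example.com standing in for the real domain, and the "expected" server address is an assumed placeholder.

```python
"""Triage certbot's "IMPORTANT NOTES" block before retrying a multi-name request.

Added example, not from the thread and not certbot's own code. It parses the
per-domain Domain/Type/Detail records certbot prints, decides which names can
be retried with http-01 as-is, which point at another host (use dns-01 or drop
them), and which have no DNS record at all, then builds the retry command.
"""
import re
from typing import Dict, List, Optional

# Assumed address of your own web host (hypothetical, TEST-NET-3 range).
EXPECTED_IP = "203.0.113.5"

# Constructed sample modelled on the thread's output, with example.com in place
# of the real domain and a TEST-NET-2 address in place of the answering host.
SAMPLE_NOTES = """\
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: autodiscover.example.com
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up A for
   autodiscover.example.com - check that a DNS record exists
   for this domain

 - The following errors were reported by the server:

   Domain: cpanel.example.com
   Type:   unauthorized
   Detail: Invalid response from
   https://cpanel.example.com/.well-known/acme-challenge/AbC123
   [192.0.2.10]: "<!DOCTYPE html>"

   Domain: webdisk.example.com
   Type:   unauthorized
   Detail: Invalid response from
   https://webdisk.example.com/.well-known/acme-challenge/XyZ789
   [192.0.2.10]: 401
"""

RECORD_RE = re.compile(r"^(Domain|Type|Detail):\s*(.*)$")
IP_RE = re.compile(r"\[([0-9a-fA-F.:]+)\]")


def parse_failures(notes: str) -> List[Dict[str, str]]:
    """Turn the notes text into one dict per failed domain.

    certbot wraps 'Detail:' over several indented lines; non-blank lines that
    follow a Detail line are glued back onto it until the record ends.
    """
    records: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    in_detail = False
    for raw in notes.splitlines():
        line = raw.strip()
        m = RECORD_RE.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2).strip()
            if key == "domain":
                current = {"domain": value, "type": "", "detail": ""}
                records.append(current)
            elif current is not None:
                current[key] = value
            in_detail = key == "detail"
        elif line and in_detail and current is not None:
            current["detail"] += " " + line
        else:
            in_detail = False  # blank line or unrelated text ends the record
    return records


def classify(rec: Dict[str, str], expected_ip: str) -> str:
    """Map one failure record to the operator action it calls for."""
    detail = rec["detail"]
    if rec["type"] == "dns" and "NXDOMAIN" in detail:
        return "no-dns-record"         # nothing resolves: add an A/AAAA record or drop the name
    ip = IP_RE.search(detail)
    if rec["type"] == "unauthorized" and ip and ip.group(1) != expected_ip:
        return "served-elsewhere"      # another host answered, so http-01 from here cannot pass
    if rec["type"] == "unauthorized":
        return "challenge-not-served"  # our host answered but not with the token
    return "unknown"


def plan_retry(requested: List[str], notes: str,
               expected_ip: str = EXPECTED_IP) -> Dict[str, List[str]]:
    """Bucket every requested name by what to do with it on the next attempt."""
    plan: Dict[str, List[str]] = {
        "retry-http01": [], "create-record-or-drop": [],
        "use-dns01-or-drop": [], "fix-webroot": [], "unknown": [],
    }
    failed = {r["domain"]: classify(r, expected_ip) for r in parse_failures(notes)}
    bucket = {
        "no-dns-record": "create-record-or-drop",
        "served-elsewhere": "use-dns01-or-drop",
        "challenge-not-served": "fix-webroot",
        "unknown": "unknown",
    }
    for name in requested:
        # Names with no failure record are the ones that validated last time.
        plan[bucket.get(failed.get(name, ""), "retry-http01")].append(name)
    return plan


def retry_command(plan: Dict[str, List[str]]) -> str:
    """The certbot invocation for the names expected to pass http-01."""
    return "certbot certonly --manual " + " ".join(f"-d {n}" for n in plan["retry-http01"])


if __name__ == "__main__":
    requested = ["example.com", "www.example.com", "autodiscover.example.com",
                 "cpanel.example.com", "webdisk.example.com"]
    plan = plan_retry(requested, SAMPLE_NOTES)
    for action, names in plan.items():
        print(f"{action:24} {', '.join(names) or '-'}")
    print(retry_command(plan))
```

Run against the sample, the two names that produced no error record stay in the retry bucket, autodiscover goes to "create-record-or-drop", and the cPanel service names, which were answered by a host other than the assumed server address, go to "use-dns01-or-drop"; that matches the advice in the thread to leave those names out unless you really need them on your own certificate. Pass your real server address as `expected_ip` when running it on your own output.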
You don't need your own certificate for those subdomain names. GoDaddy will redirect those to your hosting machine name (for http connections, which then redirect to https connections), which is covered by their own certificate. You most likely only really need a certificate covering lorenzobloedow.com and www.lorenzobloedow.com.
It shows as insecure because you are not redirecting http to https but if you access your site using https://lorenzobloedow.com/ you will see it as secured.
Exactly, @sahsanu. I already gave him the proper way to do the redirect in cPanel.
I try to spread this information as much as I can because I myself used to use .htaccess to do this, which is error prone and far less efficient. Amazingly, he already has a www to apex redirect, somehow. I think it might be an application-based redirect.
I'm really confused haha, can you please explain what a www to apex redirect is and what .htaccess is?
www.domain.com redirected to domain.com (the apex)
.htaccess is a file used to control various aspects of accessing a folder that can be used for redirecting traffic
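For concreteness, this is what the two redirects being discussed look like when done the .htaccess way with Apache mod_rewrite. It is an added example, not configuration from the thread, GoDaddy or cPanel (griffin recommends cPanel's "Force HTTPS Redirect" toggle over hand-written rules), and example.com stands in for the real domain.

```apacheconf
# Added example: Apache mod_rewrite rules for a per-directory .htaccess file.
# example.com is a placeholder; the rules assume mod_rewrite is loaded and
# AllowOverride permits rewrite directives in this directory.
RewriteEngine On

# 1. Anything that arrived over plain HTTP goes to the same URL over HTTPS.
#    These rules only ever see requests that reached Apache; a browser that
#    fails the TLS handshake (certificate does not cover the hostname) never
#    gets this far, so a redirect cannot paper over a bad certificate.
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# 2. www -> apex, so https://www.example.com/... lands on https://example.com/...
#    The certificate must still cover www.example.com, because the browser
#    completes the TLS handshake for that name before it receives the redirect.
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L]
```

Rule 1 reuses whatever Host header the client sent, so it only makes sense for hostnames the certificate actually covers; rule 2 is the "www to apex" redirect griffin mentions, expressed as a 301.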
Oh ok, thanks.
By the way, about the output I sent you, can you help me with that? Some weeks ago I tried some solutions but they didn't work.
I'm getting the same DNS does not point to this server message also. Not possible.
Using CentOS CWP admin GUI. Ugg I know, not your problem. But for some reason, there is an issue with DNS and so I'm thinking it is your problem.
You mean the NET::ERR_CERT_COMMON_NAME_INVALID issue? That's not that uncommon, right? That a different certificate is presented, because the correct certificate isn't installed or doesn't even exist at all? Not strange at all. Perhaps I didn't understand correctly what you meant
Although I still don't understand what you meant with:
If you have just a certificate with those two hostnames, it won't be possible to use a different subdomain than the www subdomain.
Also, any HTTP redirect won't work if there is a TLS error earlier.
You are correct. Connecting directly with https yields a certificate error regardless. Admittedly, I have typically used a wildcard certificate that avoids this issue altogether. I attempted, unsuccessfully, to extend the "clean install" behavior to this situation. My solution was simply to delete the CNAMEs I didn't want anyhow from my DNS.