I have been assigned with below task & I want to know if we can proceed with this task or not?
At present for e.g. my one website example.ca. is already running at 1 server and on 2nd server, my other website is running at example.com. Also, SSL certificates are already installed on both of them. Now I want to host another website on my 2nd server with domain name : example.ca.example.com.
So I want to confirm if its possible to install Let's encrypt for domain like this?
Yes, it's possible as long as your DNS is configured correctly.
There is a limit on overall length for the FQDN, and each label.
A fully qualified domain name consists of a list of domain labels representing the hierarchy from the lowest relevant level in the DNS to the top-level domain (TLD). The domain labels are concatenated using the full stop “.” character (dot or period) as a separator between labels. The length of each label must be between 1 and 63 octets, and the full domain name is limited to 255 octets, full stops included. Fully qualified domain name - Wikipedia
Thanks for your response.
I created a directory:
mkdir -p /var/www/example.ca.example.com
I then created a configuration file -> example.ca.example.com.conf
Added below parameters:
ServerName : example.ca.example.com
(U)pdate certificate/(C)ancel: U
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/example.com/privkey.pem
This certificate expires on 2022-05-24.
After installation, I am unable to access my example.ca website hosted on 1 st server, however I am able to access example.ca.example.com & example.com hosted on 2nd server but they are displaying same html file. however the path to root directory was different.
Also, I am able to ping the IP of 2nd server but it is not secure now.
things messed now, can you please suggest how can I access all three websites and also secure my IP address for 2nd server
Here your hostname would be resolved to an IP address by Apache.
Also, having duplicate VirtualHosts for example.com in both example.com.conf as in 000-default-le-ssl.conf is not recommended. For some reason there's also a HTTP virtualhost in 000-default-le-ssl.conf, which is weird.
Thanks for the suggestion.
Yes now I have removed the duplicate virtual host configuration in 000-default-le-ssl.conf & refreshed the apache services but it didn't make any change in current situation.
Yes. And also for the HTTP virtualhost on port 80. Everything using * will make your life more easy regarding Apaches VirtualHosts. (Unless you actually require IP based virtualhosts, but that's unlikely.)
Thank you so much that worked. I am able to access my example.com & example.ca.example.com perfectly fine.
I am also able to access my example.ca via http but ssl certificate is removed. So do i need to re do the ssl certificate on that server?
Addtionally, I am also able to ping my ip of current server but its not secure. is there any way I could make it secure or redirect the traffic from my http:ip to my example.com or example.ca.example.com.
Could also be the HTTP to HTTPS redirect isn't there any more. Please show the output of sudo apachectl -t -D DUMP_VHOSTS again.
How are "ping" and "secure" related? I've never heard of a "secure ping".
In theory, sure. Most easy would be to add a specific redirect recognising your IP address within the "default" HTTP VirtualHost. As Let's Encrypt doesn't offer certificates for IP addresses, you can't secure your IP address as a hostname using a Let's Encrypt certificate though, so HTTPS wouldn't work for your IP address.