Installing an SSL/TLS certificate for a "domain.ext" (not "www.domain.ext")


#1

Please fill out the fields below so we can help you better.

My domain is: raptordev.ch (hosted on a Windows 2008 R2 PC)

I ran this command: I successfully installed a letsencrypt certificate for “www.raptordev.ch” (hosted on IIS) using the Letsencrypt_Win_Simple.exe utility (found on github).

It produced this output: I can now successfully access my website on https://www.raptordev.ch
but I also installed a RabbitMQ server listening AMQP messaging protocol on port 5671 in SSL/TLS, it also has a web management console listening on https://raptordev.ch:15672
I can reach neither the RabbitMQ/AMQP listener from outside with a browser at https://raptordev.ch:5671 nor the web management console at https://raptordev.ch:15672
(Of course, the TCP ports #5671 and #15672 both have been opened in entry on my firewall)
I get the following error message when trying to reach them from a browser in https:

The connexion is not secure… The certificate is invalid… The certificate is valid only for www.raptordev.ch… error code: SSL_ERROR_BAD_CERT_DOMAIN

My operating system is (include version): Windows 2008 R2

My web server is (include version): IIS 7

My hosting provider, if applicable, is: self hosted (server rented from soyoustart.com at IP 94.23.220.199)

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know but probably no since the server’s OS is Windows.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no.

I suppose I have to install another Letsencrypt certificate for my domain “raptordev.ch”. Is that true? How can I proceed? Do I have to do it manually using certbot?

How to proceed exactly?

I need the signed certificate as a .pem file and the private key as a .pem too in order to configure my RabbitMQ server.

Thank you for your help!


#2

From Let’s Encrypt’s perspective, you can have up to 100 (sub)domains in one certificate. However, it’s up to the client to ask for it. And I have no idea how Letsencrypt_Win_Simple.exe would manage that.

This Wiki https://github.com/Lone-Coder/letsencrypt-win-simple/wiki/How-to-Run has some more info.

Apparently, you can use --manualhost to manually add (sub)domains. So I’d suggest running the EXE again with --manualhost raptordev.ch --manualhost www.raptordev.ch.


#3

Thanks for the help.

Apparently the --manualhost option cannot be defined multiple times. I’ll ask the question directly to the author of the letsencrypt_win_simple utility…

I posted the question here: https://github.com/Lone-Coder/letsencrypt-win-simple/issues/410


#4

Ok, the issue is solved.

Osiris was right saying the point was to have the two (sub)domains in one certificate. (www.raptordev.ch and raptordev.ch).

To get this with the Letsencrypt_Win_Simple utility (letsencrypt.exe) the solution was to run it with the --san option to generate a SAN certificate (with Subject Alternative Name).

To make letsencrypt.exe add the Subject Alternative Name “raptordev.ch” in the “www.raptordev.ch” certificate, it was required to previously add a supplementary IIS binding on port 80 for “raptordev.ch” on IIS, because the letsencrypt.exe utility will scan all port 80 bindings it finds on IIS to generate the alternate SAN fields in the certificate.

Once the new SAN certificate files were generated, it was possible to remove the supplementary IIS binding on port 80 for “raptordev.ch” and to configure my RabbitMQ server with an SSL/TLS listener (on port 5671) with this new SAN certificate and private key files (.pem) to make it successfully accept secured SSL/TLS AMQP connections on https://raptordev.ch:5671.

Hope this will help others!
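
An added example, not part of the original thread: a Python check that reports which required hostnames a certificate's Subject Alternative Name entries fail to cover, which is the condition behind SSL_ERROR_BAD_CERT_DOMAIN above. The function names are hypothetical, the two certificate dicts are constructed samples in the shape `ssl.SSLSocket.getpeercert()` returns, and the wildcard handling goes beyond the case discussed in the thread.

```python
import socket
import ssl


def san_dns_names(cert):
    """Return the lower-cased dNSName entries of a getpeercert()-style dict."""
    return [value.lower() for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


def name_matches(pattern, host):
    """Match one SAN entry against a host; '*' may only stand for the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label, so *.example.test never covers example.test
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_hosts(cert, required_hosts):
    """Hosts that clients will reject with a name-mismatch error for this certificate."""
    names = san_dns_names(cert)
    return [h for h in required_hosts
            if not any(name_matches(n, h) for n in names)]


def fetch_cert(host, port, timeout=5.0):
    """Fetch the certificate a TLS listener presents (chain verified, name check left to us)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # verify_mode stays CERT_REQUIRED, so getpeercert() is populated
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed samples (assumption): the certificate before and after adding the second name.
CERT_BEFORE = {"subjectAltName": (("DNS", "www.raptordev.ch"),)}
CERT_AFTER = {"subjectAltName": (("DNS", "www.raptordev.ch"), ("DNS", "raptordev.ch"))}
REQUIRED = ["www.raptordev.ch", "raptordev.ch"]

if __name__ == "__main__":
    print("before --san:", uncovered_hosts(CERT_BEFORE, REQUIRED))
    print("after  --san:", uncovered_hosts(CERT_AFTER, REQUIRED))
    # Live check against a listener (needs network), e.g. the AMQPS port:
    # print(uncovered_hosts(fetch_cert("raptordev.ch", 5671), REQUIRED))
```

Running the live check against every TLS listener that shares the certificate (IIS, the AMQPS port, the management console) after each renewal confirms that all of them present the reissued file.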

