Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: certbot --dns-digitalocean-credentials [Credentials]
It produced this output:
My web server is (include version): Apache 2.4.41
The operating system my web server runs on is (include version): Ubuntu 20.4
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.25
I have a MediaWiki install on my Apache server and I am running two MediaWiki wikis from it. One is located at spicewars.whiki.online and has a certificate via certbot. I've just created another one at testing.whiki.online. I'm trying to assign a certificate to it, but whenever I run the command to assign one, it isn't recognising the second domain, testing.whiki.online, and just gives me the option to reassign to the first one. Anyone any ideas what I'm doing wrong? I tried to follow the "to acquire a wildcard" section here, but I get this output: File not found: /root/.secrets/digitalocean.ini.
Does anyone have any ideas how I can assign a certificate to testing.whiki.online (and indeed any further subdomain of *.whiki.online, and get certbot to recognise it?
I was able to somewhat get it installed after a bit of fiddling around, but I'm still having issues.
I created a new file named testing.whiki.conf, and then I ran the command with my API key from [here](https://certbot-dns-digitalocean.readthedocs.io/en/stable/), and that perhaps seems to give me a certificate. When I view the certificate on testing.whiki.online, however, it shows that the certificate is from spicewars.whiki.online? Is that going to be a problem, or impact me in any way?
Furthermore, when I go to renew the certificates or anything, it still isn't picking up testing.whiki.online as a domain, only spicewars.whiki.online. How can I remedy this to ensure I can install certificates on subdomains in the future?
It is related to how you set up your virtualhosts in Apache. If you have separate virtualhosts in Apache for each domain, then you can get Certbot to install distinct certificates to each of them.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 whiki.online (/etc/apache2/sites-enabled/mediawiki-le-ssl.conf:2)
*:80 spicewars.whiki.online (/etc/apache2/sites-enabled/mediawiki.conf:1)
Then certbot can pick up your config and it will ask if you want one certificate for both or one certificate for each, and it will also automatically create and configure the proper https virtualhosts (port 443) -- run it like sudo certbot with no options, if you don't see all the subdomains you need, your Apache config needs editing.
Thanks! I deleted all of the files and started again, and have managed to get it to recognise the domains. It works on testing.wihki.online, but now I'm having difficulty with spicewars.whiki.online, which is throwing a 404: Apache/2.4.41 (Ubuntu) Server at spicewars.whiki.online Port 443
To further complicate things, I've had a look at the certificates I currently have and looks like there is a crossover between spicewars.whiki.online individual cert and a shared one:
No, you have all the certificates you need and they do not interfere.
What you see is an Apache problem, not a certificate one. I don't know why two identical VirtualHosts are behaving differently. Maybe because they share the same ServerAlias (they must not share it. decide which one should answer for that domain name -- or none of them, since you haven't asked for a certificate on the second level domain directly.)
@whiki As 9peppe noted, you have whiki.online listed as ServerAlias in both VirtualHosts and it can only be in one. If you do not need to use that name just remove the ServerAlias from both
The duplicate Alias is probably why no cert has that domain name in it.
But, something looks wrong. Your Apache VirtualHost refers to testing.whiki.online-0001 but the list of certificates you show do not list such a cert.
Can you show sudo certbot certificates again? You will at least want to delete the unused extra certs you have.
They're working now, but assigning the SSL cert seems to have caused an issue with the URL rewrites I have set.
In this case, the pages live at /index.php/PAGE, but I set up a rewrite for /wiki/PAGE, which was working previously. Since assigning the SSL, however, if I try the rewrite again, it shows the apache error again. Any ideas why this is happening? (I understand if you aren't knowledgeable on MediaWiki and cannot help).
.htaccess file:
RewriteEngine On
# main rewrite rule
RewriteRule ^/?wiki(/.*)?$ /index.php [L]
# Redirect / to Main Page
RewriteRule ^/*$ /index.php [L]
Is there something I need to change in the apache settings instead?
Apache rewrite rules are always a bit disorienting. They might interact with each other (if they specify END and in some other cases) and they're not easy to manage.
And tutorials do not help. I found out the hard way that the only sensible way to understand rewrite rules is to carefully study the actual documentation:
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server spicewars.whiki.online (/etc/apache2/sites-enabled/spicewars-whiki-le-ssl.conf:2)
port 443 namevhost spicewars.whiki.online (/etc/apache2/sites-enabled/spicewars-whiki-le-ssl.conf:2)
port 443 namevhost testing.whiki.online (/etc/apache2/sites-enabled/testing-whiki-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server spicewars.whiki.online (/etc/apache2/sites-enabled/spicewars-whiki.conf:1)
port 80 namevhost spicewars.whiki.online (/etc/apache2/sites-enabled/spicewars-whiki.conf:1)
port 80 namevhost testing.whiki.online (/etc/apache2/sites-enabled/testing-whiki.conf:1)
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
