Could you please suggest a solution?
You have all you need. Certificates and you know how to install these. So do that.
And there is no error shared. If you have an error with Firefox, share a screenshot and the exact URL. Use the online tool to check and to fix your configuration.
That's already answered - 7 days earlier.
Your www version has the wrong certificate.
Overall I think there are two big difficulties here:
(1) Each of the certificates seems to have either merritos.com or *.merritos.com, but not both. This is a problem because wildcards don't cover the base domain. The *.merritos.com certificate is not valid for https://merritos.com/, although Chrome may overlook this mismatch. This could be fixed by getting a single certificate that covers both names. That can be requested in Certbot by giving multiple -d flags, for example.
(2) Some of your existing certificates are stored in /etc/letsencrypt in a way that's invalid from Certbot's point of view, as can be seen from the errors about expecting files to be symlinks. It would be good to understand how this happened. It may be causing problems with certbot renew and possibly in some other situations; for example, this likely has something to do with the reason why there are so many different -0001, -0002, etc., certificates. One thing we could look at is the output of ls -lR /etc/letsencrypt/{live,archive} to see what's there compared to what Certbot expects.
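The comparison suggested in point (2) can be automated. The following is an added example, not code from the thread or from Certbot: it checks that each file under live/ is a symlink into the matching archive/ directory, which is the layout Certbot expects. The sample tree, including the lineage name merritos.com-0001 and the way it is damaged, is constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# The four files Certbot keeps as symlinks in every live/<lineage>/ directory.
EXPECTED = ("cert.pem", "chain.pem", "fullchain.pem", "privkey.pem")

def audit(config_root="/etc/letsencrypt"):
    """Return (lineage, file, problem) for every live/ entry that is not a valid symlink."""
    root, problems = Path(config_root), []
    for lineage in sorted(p for p in (root / "live").iterdir() if p.is_dir()):
        archive = os.path.normpath(root / "archive" / lineage.name)
        for name in EXPECTED:
            link = lineage / name
            if not link.is_symlink():
                state = "regular file, not a symlink" if link.exists() else "missing"
                problems.append((lineage.name, name, state))
                continue
            # Symlinks are relative (../../archive/<lineage>/certN.pem); resolve by hand.
            target = os.path.normpath(os.path.join(lineage, os.readlink(link)))
            if os.path.dirname(target) != archive:
                problems.append((lineage.name, name, "points outside its archive dir"))
            elif not os.path.isfile(target):
                problems.append((lineage.name, name, "dangling symlink"))
    return problems

def build_sample_tree(root):
    """Constructed layout: one healthy lineage and one damaged lineage."""
    root = Path(root)
    for lineage in ("merritos.com", "merritos.com-0001"):
        (root / "live" / lineage).mkdir(parents=True)
        (root / "archive" / lineage).mkdir(parents=True)
        for name in EXPECTED:
            stem = name[:-4]
            (root / "archive" / lineage / f"{stem}1.pem").write_text("constructed\n")
            os.symlink(f"../../archive/{lineage}/{stem}1.pem", root / "live" / lineage / name)
    broken = root / "live" / "merritos.com-0001"
    (broken / "cert.pem").unlink()
    (broken / "cert.pem").write_text("constructed\n")  # symlink replaced by a real file
    (broken / "privkey.pem").unlink()                   # file removed altogether
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in audit(build_sample_tree(tmp)):
            print(*row, sep=": ")
```

On a real server, call audit() with no argument as root so that /etc/letsencrypt/live is readable.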
Thank you!
Can we run this command to get a new certificate for www.merritos.com?
certbot certonly --manual -d www.merritos.com --preferred-challenges dns
Unless there's a good reason not to share certificates between the two domains, I think you should run
certbot certonly --manual -d www.merritos.com -d *.merritos.com -d www.merritos.in -d *.merritos.in --preferred-challenges dns
And never deviate from that until you add more domains. Every time you mix which domains you obtain or renew, the file names will change, and as you've seen, it leads to a lot of confusion to have a mix of certificates that cover different sets of domains.
Hi,
We are getting the error below, could you please check?
[root@li1636-240 ~]# certbot certonly --manual -d merritos.com -d www.merritos.com --preferred-challenges dns
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/merritos.com-0005.conf)
It contains these names: merritos.com
You requested these names for the new certificate: merritos.com,
www.merritos.com.
Do you want to expand and replace this existing certificate with the new
certificate?
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for merritos.com
dns-01 challenge for www.merritos.com
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
(Y)es/(N)o: Y
Please deploy a DNS TXT record under the name
_acme-challenge.merritos.com with the following value:
v1cEeE2WIJ01yhlc6ZM857x47BjA_1dXgnyacCkbud8
Before continuing, verify the record is deployed.
Press Enter to Continue
Please deploy a DNS TXT record under the name
_acme-challenge.www.merritos.com with the following value:
uGyr4-a2-iRKQSHGejYwrlTIBFN7HjuNIPS0tkpW4F0
Before continuing, verify the record is deployed.
Press Enter to Continue
Waiting for verification...
Resetting dropped connection: acme-v02.api.letsencrypt.org
Cleaning up challenges
Failed authorization procedure. www.merritos.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.merritos.com
IMPORTANT NOTES:
 - The following errors were reported by the server:
Domain: www.merritos.com
Type: None
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.www.merritos.com
I see multiple TXT records for _acme-challenge.merritos.com but none for _acme-challenge.www.merritos.com, as the error says. I don't think you ever said who your DNS provider is, are you able to create nested subdomains? Nearly all DNS providers should let you create a _acme-challenge.www TXT record. Domainkeys can get 2 or 3 deep.
Actually, *.merritos.com already includes www.merritos.com, I think I meant to recommend -d *.merritos.com -d merritos.com, no subdomain at all.
Yes, we thought the same: if *.merritos.com has a certificate then there is no need for www.merritos.com.
But in Firefox we are getting an error. Except www.merritos.com, all other subdomains are working well for *.merritos.com.
And Linode is our domain provider.
You still aren't using a cert with *.merritos.com on www.meritos.com. That one's only valid for meritos.com, no subdomains. Still a configuration update issue.
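The name-matching rule behind this reply, and behind point (1) earlier in the thread, shown as an added example that is not from any poster. The matcher is a simplified form of the RFC 6125 wildcard rule; the SAN sets are constructed to mirror the certificates described above, and app.merritos.com and a.b.merritos.com are constructed hostnames.

```python
def san_matches(pattern, host):
    """Simplified RFC 6125 rule: '*' must be the whole left-most label and
    stands for exactly one label, so it never matches the base domain."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

# SAN sets modelled on the certificates described in the thread (constructed).
CERTS = {
    "base-only": ["merritos.com"],
    "wildcard-only": ["*.merritos.com"],
    "combined": ["merritos.com", "*.merritos.com"],
}
# Hostnames to test; the last two are constructed for illustration.
HOSTS = ["merritos.com", "www.merritos.com", "app.merritos.com", "a.b.merritos.com"]

def uncovered(sans, hosts):
    """Hosts for which a client would report a name mismatch with this SAN set."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

def certs_valid_for(host, certs):
    """Names of the certificates that may be configured on the vhost for `host`."""
    return sorted(n for n, sans in certs.items()
                  if any(san_matches(s, host) for s in sans))

if __name__ == "__main__":
    for name, sans in CERTS.items():
        print(f"{name:14} {sans} leaves uncovered: {uncovered(sans, HOSTS)}")
    print("www.merritos.com may be served with:",
          certs_valid_for("www.merritos.com", CERTS))
```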
Thank you so much for your support; the issue has been resolved by mapping with subdomain certificates.