LetsEncrypt on Multiple Subdomains, Multiple Servers & Multiple IPs


#1

Here is my Problem:-

I have the following Configuration for my website

Server 1 (Running Apache2)
Running www.domain.com & user.domain.com
Already SSL Secured

Server 2 (Running NGinx)
Running chat.domain.com
Need to be SSL secured

Whenever I follow the process listed here:- https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04

I get the following Error:-

IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: www.chat.domain.com
Type: unauthorized
Detail: Invalid response from
http://www.chat.domain.com/.well-known/acme-challenge/JERhGUjWJfNOi4fZ9Yi5rqV65UjVzOgMnH9JHU3lpsQ:
"

404 Not Found

404 Not Found


"

Domain: chat.domain.com
Type: unauthorized
Detail: Invalid response from
http://chat.domain.com/.well-known/acme-challenge/U8ZbuOJLaFlNdBcHfP1GAdGg8aivjbmb3ZJ42DnkJdI:
"

404 Not Found

404 Not Found


"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

I have double checked that the DNS A Record Exists

I want to use the same License that I used for domain.com to be used for all the Subdomains. Please help with the Procedure & Commands I need to execute.


#2

Hi,

For this part, you need to use the --expand option.

For the 404 error: are you sure of your --webroot-path in your command line? Maybe best is to put the complete command line you use …


#3

@Shnoulle… please help me with the exact syntax for the ‘expand’ command

We are using this command in the Console:-
certbot-auto certonly -a webroot --webroot-path=/var/www/chat -d chat.domain.com


#4

Something like this :slight_smile:

certbot-auto certonly -a webroot --expand --webroot-path=/var/www/chat -d chat.example.com --webroot-path=/var/www -d example.com -d www.example.com -d user.example.com

Currently: you need to use the same action you do for example.com and user.example.com, adding --expand + the new domain and webroot.

Denis
PS: see the usage of example.com, don’t use another real domain: example.(org|com) is meant for examples.


#5

The second time you wrote --webroot-path=/var/www -d example.com -d www.example.com -d user.example.com… it exists on a different server…are you sure we need to use that web root?

Your command gave me this Error:-
/var/www/html does not exist or is not a directory

OR
On which server do we need to use this command: the www.example.com server or the chat.example.com server?


#6

Oh right, certbot doesn’t directly offer such a system, see only a network mount of one server in another server??? :crying_cat_face: :scream_cat:
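A pre-flight check for the 404 failure in this thread, added here as an example and not taken from any reply or from certbot itself: before spending a validation attempt, confirm on the host you run certbot on that each name's A record points at that host and that the vhost for the name really serves files dropped into the --webroot-path. The resolver and fetcher are injectable so the check can be exercised without network; the addresses and paths in the usage note are assumptions.

```python
# Pre-flight for certbot's webroot (HTTP-01) authenticator. The ACME server fetches
# http://<name>/.well-known/acme-challenge/<token> from whatever host the A record
# names, so a name hosted on another server can never validate from this webroot.
import os
import secrets
import socket
from urllib.request import urlopen

CHALLENGE_DIR = ".well-known/acme-challenge"


def resolve_a(domain):
    """IPv4 addresses in the domain's A record(s)."""
    return {ai[4][0] for ai in socket.getaddrinfo(domain, 80, socket.AF_INET)}


def http_get(url):
    """Plain HTTP GET over port 80, as the ACME validator does."""
    with urlopen(url, timeout=10) as resp:
        return resp.read().decode()


def check_domain(domain, webroot, local_ips, resolve=resolve_a, fetch=http_get):
    """Return (ok, reason); ok means HTTP-01 via this webroot should succeed."""
    try:
        ips = resolve(domain)
    except OSError as exc:
        return False, f"DNS lookup failed: {exc}"
    if not ips & set(local_ips):
        return False, f"A record {sorted(ips)} does not point at this host"
    if not os.path.isdir(webroot):
        return False, f"{webroot} does not exist or is not a directory"
    chal_dir = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(chal_dir, exist_ok=True)
    token = secrets.token_urlsafe(32)  # throwaway probe file, not an ACME token
    probe = os.path.join(chal_dir, token)
    with open(probe, "w") as fh:
        fh.write(token)
    try:
        body = fetch(f"http://{domain}/{CHALLENGE_DIR}/{token}")
    except Exception as exc:  # HTTPError 404 is exactly the failure in the thread
        return False, f"invalid response from http://{domain}/{CHALLENGE_DIR}/: {exc}"
    finally:
        os.remove(probe)
    if body.strip() != token:
        return False, "URL answers, but not from this webroot (wrong vhost or --webroot-path)"
    return True, "ok"
```

On the chat host, `check_domain("chat.example.com", "/var/www/chat", ["203.0.113.5"])` (address assumed) should return `(True, "ok")` before `certbot-auto certonly -a webroot ...` is worth running. A name served by the other box fails at the A-record step, which is why one webroot command cannot cover both servers.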


#7

I just went through the process of generating a single Let’s Encrypt certificate for multiple subdomains and here is a solution that might help. It involves creating a dummy VirtualHost for each of your subdomains that exist (including those on different servers). I posted a short article in the link below explaining the lessons I learned when installing Let’s Encrypt digital certificates on my Apache web server, which provides HTTP and HTTPS access to multiple subdomains. https://www.hueyise.com/index.php/letsencrypt

You probably need to create a VirtualHost for the HTTP access AND a VirtualHost for each subdomain accessible via HTTPS. IMPORTANT: Each VirtualHost definition must be specified in a single configuration file. The Let’s Encrypt certbot will not operate correctly if multiple VirtualHosts are defined within a single configuration file. I defined three (3) VirtualHosts in three (3) different configuration files below. The dummy.conf file serves no functional purpose within Apache (i.e., it will not cause an unnecessary 999 listening port), but it is absolutely necessary for digital certificates to be successfully generated by the Let’s Encrypt certbot.

Then on one server, you can run the following command to generate the certificate. Once the certificates are generated, you would then need to place the certificates onto the other server and make the appropriate updates to the configuration files.

certbot certonly -d example.com -d www.example.com

The challenge with this solution is that it complicates the automatic renewal process. You may need to augment the renewal script with a function to copy the renewed certs over to the other subdomain servers if they are not implemented on the same host.

