Letsencrypt on subdomain

I wanted to make subdomains secured by using Let's Encrypt. However, while accessing the subdomain, I am getting the following error

“This server could not prove that it is conquistadorjd.goingplaces.me; its security certificate is from goingplaces.me. This may be caused by a misconfiguration or an attacker intercepting your connection.”

My domain is: goingplaces.me
My web server is (include version): nginx
The operating system my web server runs on is (include version): ubuntu 16.04 and chrome
My hosting provider, if applicable, is: digital ocean
I can login to a root shell on my machine (yes or no, or I don’t know): yes

If I register “conquistadorjd.goingplaces.me” I get a similar error for goingplaces.me.
Can you please let me know how to make subdomains also secured?

Put both the subdomain and the domain on the certificate. Since you didn’t answer the questions you were presented when you started this topic, I can’t really tell you how to do that with your client.

Unfortunately, if one types things in the text box first and then sets the section to "Help", there won't be any questions presented.

@conquistadorjd Here are the questions @danb35 meant, could you fill them in as complete as you can?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

@Osiris @danb35 Thanks for your response.
I ran the following command and now the error is not showing up; however, the subdomain is not being shown as secured
sudo certbot --nginx -d goingplaces.me -d www.goingplaces.me -d conquistadorjd.goingplaces.me -d www.conquistadorjd.goingplaces.me


I am planning to use this site as a multisite; there will be a large number of subdomains. I tried to search for subdomain wildcards but could not find much. Can you please assist me?

I did use part of the questionnaire; I skipped the following questions as these were not relevant:
I ran this command:
It produced this output:

https://www.whynopadlock.com/results/111369f2-d446-4780-bc8e-5206f6c37d15


Wildcard certificates are possible. You have to use the dns-01 challenge, so you should have a DNS provider with an API.

Then you need only one certificate with two names - *.goingplaces.me and goingplaces.me

But you can't create something like *.*.goingplaces.me, so www.conquistadorjd.goingplaces.me isn't supported.

And fix your mixed content warnings - http -> https. Chrome / Firefox, Ctrl + Shift + I, then select the console.

http://conquistadorjd.files.wordpress.com/2013/05/img_6200-1.jpg
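Why the browser error in the first post appears, and why the single wildcard suggested above covers conquistadorjd.goingplaces.me but not www.conquistadorjd.goingplaces.me, shown as an added example (not code from the thread or from Certbot). The hostnames are the ones in the thread; the certificate name lists are constructed, and the function names are mine.

```python
def hostname_matches(cert_names, host):
    """Return True if a certificate whose SAN dNSNames are cert_names covers host.
    Applies the wildcard rule of RFC 6125 s6.4.3 as browsers do: '*' must be the
    whole leftmost label and matches exactly one label, so *.goingplaces.me covers
    conquistadorjd.goingplaces.me but neither goingplaces.me itself nor
    www.conquistadorjd.goingplaces.me."""
    host_labels = host.lower().rstrip(".").split(".")
    for name in cert_names:
        labels = name.lower().rstrip(".").split(".")
        if labels == host_labels:
            return True
        if (labels[0] == "*"
                and len(labels) >= 3   # no wildcard directly under a TLD (rough public-suffix rule; assumption)
                and len(labels) == len(host_labels)
                and labels[1:] == host_labels[1:]):
            return True
    return False

def uncovered(cert_names, hosts):
    """Hostnames in hosts that the certificate does not cover (what the browser rejects)."""
    return [h for h in hosts if not hostname_matches(cert_names, h)]

# Names from the thread; the certificate contents are constructed, not fetched.
HOSTS = ["goingplaces.me", "www.goingplaces.me",
         "conquistadorjd.goingplaces.me", "www.conquistadorjd.goingplaces.me"]
APEX_ONLY_CERT = ["goingplaces.me"]                     # the first post's situation
WILDCARD_CERT = ["goingplaces.me", "*.goingplaces.me"]  # the one certificate suggested above

if __name__ == "__main__":
    print("apex-only cert rejects:", uncovered(APEX_ONLY_CERT, HOSTS))
    print("wildcard cert rejects:  ", uncovered(WILDCARD_CERT, HOSTS))
```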

Thanks for your response. Is there any step by step guide for wildcard subdomain registration?
Like this one for Let's Encrypt for a simple domain?
https://www.techtrekking.net/how-to-add-ssl-and-https-to-wordpress/

And yes, I am fine with *.goingplaces.me; *.*.goingplaces.me is not required.

That isn't required.

You already have certificates created. With Certbot? If yes:

  1. Check your Certbot version. Wildcard certificates need the ACME protocol v2.
  2. First use the v2 staging/test system.

https://certbot.eff.org/docs/using.html#certbot-commands

If I know it correctly, it's enough to define -d *.goingplaces.me as the domain name. If there is no other info, Certbot may ask.

certbot certonly --manual --test-cert -d *.goingplaces.me

Thanks @JuergenAuer, I followed the instruction. Added the TXT record but got the following error

Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. goingplaces.me (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge.goingplaces.me

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: goingplaces.me
   Type:   unauthorized
   Detail: No TXT record found at _acme-challenge.goingplaces.me

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address

Not sure if there is a delay from the domain provider in applying the TXT record.

I can't find a TXT record:

_acme-challenge.goingplaces.me
_acme-challenge.goingplaces.me.goingplaces.me (sometimes seen)

And there is no CNAME record with one of these names. Tested local and online.

Can you create a picture of the menu you had used?

I guess this is the main issue, but when I added the CNAME record in 1. DigitalOcean and 2. BigRock (domain name reseller) I got the following error at the TXT record

I meant: You don't need a CNAME, but I checked if you had created

_acme-challenge.goingplaces.me as CNAME with the value.

You don't need a CNAME, you need only _acme-challenge.goingplaces.me as TXT entry.

You have a long TTL - I use a TTL of 300 seconds (not DigitalOcean).

But your entries are ok.

Remove the CNAME record with this name.

PS: You have another CNAME which is wrong:

_acme-challenge.goingplaces.me canonical name = goingplaces.me
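A pre-flight check for the dns-01 step in the certbot --manual wildcard flow above, covering the "No TXT record found" failure and the TXT/CNAME mix-up in the last replies. This is an added example, not part of the thread or of Certbot: the key authorization (token.thumbprint) and the zone contents are constructed, the TTL threshold is an assumption taken from the 300 seconds mentioned above, and the function names are mine.

```python
import base64
import hashlib

def dns01_txt_value(key_authorization):
    """RFC 8555 s8.4: TXT value is base64url(SHA-256(keyAuthorization)), unpadded."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def challenge_name(domain):
    """Owner name Certbot asks you to create. A wildcard *.example.com is
    validated at _acme-challenge.example.com, the same name as the apex."""
    base = domain[2:] if domain.startswith("*.") else domain
    return ("_acme-challenge." + base).lower()

def check_zone(records, domain, expected_txt, max_ttl=300):
    """records: (owner, type, value, ttl) tuples as a DNS control panel shows them.
    Returns a list of problems; an empty list means the dns-01 check should pass.
    max_ttl=300 is the TTL used in the thread, taken here as the threshold (assumption)."""
    name = challenge_name(domain)
    base = name[len("_acme-challenge."):]
    problems = []
    at_name = [r for r in records if r[0].rstrip(".").lower() == name]
    if any(r[1] == "CNAME" for r in at_name):
        problems.append(f"CNAME at {name}: a CNAME cannot coexist with the TXT; remove it")
    txts = [r[2] for r in at_name if r[1] == "TXT"]
    if expected_txt not in txts:
        problems.append(f"no TXT record with the expected value at {name}")
    # The control panel appended the zone to a fully qualified host field.
    doubled = name + "." + base
    if any(r[0].rstrip(".").lower() == doubled and r[1] == "TXT" for r in records):
        problems.append(f"TXT found at {doubled}: enter only '_acme-challenge' as the host")
    for r in at_name:
        if r[1] == "TXT" and r[3] > max_ttl:
            problems.append(f"TTL {r[3]}s on {name} is long; a corrected value propagates slowly")
    return problems

# Constructed key authorization (token.thumbprint) and zone data; not real values.
KEY_AUTHZ = "constructed-token.constructed-account-thumbprint"
EXPECTED = dns01_txt_value(KEY_AUTHZ)
BROKEN_ZONE = [  # the two mistakes seen in the thread
    ("_acme-challenge.goingplaces.me", "CNAME", "goingplaces.me", 3600),
    ("_acme-challenge.goingplaces.me.goingplaces.me", "TXT", EXPECTED, 3600),
]
FIXED_ZONE = [("_acme-challenge.goingplaces.me", "TXT", EXPECTED, 300)]

if __name__ == "__main__":
    for label, zone in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE)):
        print(label, check_zone(zone, "*.goingplaces.me", EXPECTED) or ["ok"])
```

Run it against what your control panel actually shows before pressing Enter in Certbot; the same owner-name and CNAME checks apply to any wildcard name.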
