macOS Server and multiple domains


#1

I have a mac mini running macOS 10.12.4 and Server.app 5.3 hosting 6 different websites.

I followed the instructions at https://community.letsencrypt.org/t/compatibility-certbot-osx-server/19914/2?u=dennispipper to set up LE on the default domain; it worked fabulously well!

However, when I went to add a certificate for a second domain, I got an error:

Failed authorization procedure. www.anchorliving.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.anchorliving.net/.well-known/acme-challenge/HKDWUTD7_vBSp6egICQBpWS-dqL8A13PEAmUM1CoCfc:

I tried changing ownership for the anchorliving.net webroot to the same as the Default site but that didn’t seem to help.

It was impressive how quickly the first site was processed without issue. When I try to load the site, https://anchorliving.net, it forwards to the Default domain’s SSL site.

Thanks for any help!

Dennis


#2

Hi @dennispipper,

I guess you have different directories from which the content of each of your six different web sites is served? If so, did you specify the correct one with -w when requesting your second certificate?

The error that you saw is often a symptom of specifying an incorrect directory as the webroot with -w.


#3

Thanks for the reply, @schoen !

Yes, for my default server site, I issued the following:

sudo letsencrypt certonly --webroot -w /Library/Server/Web/Data/Sites/Default -d spartn.com -d www.spartn.com

After everything succeeded, I then went to the second site and entered:

sudo letsencrypt certonly --webroot -w /Library/Server/Web/Data/Sites/anchorliving -d anchorliving.net -d www.anchorliving.net

My other sites are all in directories off of the main /Sites directory as listed.


#4

If you put a file test.txt into /Library/Server/Web/Data/Sites/anchorliving/.well-known/acme-challenge, does it then become visible on the web at http://anchorliving.net/.well-known/acme-challenge/test.txt?


#5

Sorry for the late reply, but there is no acme-challenge folder in the .well-known directory.

Dennis


#6

Could you create one with mkdir, and then try the experiment?


#7

If I create the directory and the test text file with sudo, the URL resolves to the text file.


#8

Hi @dennispipper, thank you for trying this test. It turned up something useful! Namely, there is a discrepancy between

http://anchorliving.net/.well-known/acme-challenge/test.txt and
http://www.anchorliving.net/.well-known/acme-challenge/test.txt

The former works perfectly, while the latter returns an error!

This must have something to do with your web server configuration. If you could get both of these to work in the same way, the certificate issuance should be able to proceed.


#9

It looks as though the multiple domains I have on the server do the same thing. When I enter anchorliving.net, it loads fine. When I add www.anchorliving.net, it forwards to the default domain on the server, which is the domain that currently has the cert that works - it’s very odd.


#10

You could probably work around this problem by using -w /Library/Server/Web/Data/Sites/anchorliving -d anchorliving.net -w /Library/Server/Web/Data/Sites/Default -d www.anchorliving.net (which uses a different webroot for each domain, but will generate a single certificate at the end). However, this isn’t a very nice solution because it doesn’t address the underlying problem of why www.anchorliving.net is actually serving different content from anchorliving.net.


#11

The issue was with the way I configured my website in Server.app. I ended up having to add the www. to the domain configuration in Server.app within macOS.

Thanks for the help, it now works on all my domains!
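
The test-file experiment from posts #4 to #8 can be scripted as a pre-flight check to run before `certonly --webroot`: it writes a probe file under the webroot and confirms that every name to be passed with -d returns it. This is an added example, not part of the original thread or of certbot; `check_webroot`, `fetch_with_curl` and `FETCH_CMD` are names made up here.

```shell
#!/bin/sh
# Pre-flight for "certonly --webroot": verify that every name you will pass
# with -d serves files out of the directory you will pass with -w.

# Command used to fetch a URL body. It is overridable so the check can be
# exercised without network access (a convenience of this example, not a
# certbot feature). -L follows redirects, as the http-01 validator does.
FETCH_CMD=${FETCH_CMD:-fetch_with_curl}
fetch_with_curl() { curl -s -L --max-time 10 "$1"; }

# check_webroot WEBROOT HOST [HOST...]
# Prints "OK <host>" or "MISMATCH <host>" for each name.
# Returns 1 if any name mismatches, 2 if the probe file cannot be written.
check_webroot() {
    cw_root=$1; shift
    cw_dir="$cw_root/.well-known/acme-challenge"
    cw_name="preflight-$$"
    cw_token="preflight-token-$$-$(date +%s)"
    cw_status=0
    mkdir -p "$cw_dir" || return 2
    printf '%s' "$cw_token" > "$cw_dir/$cw_name" || return 2
    for cw_host in "$@"; do
        # A failed fetch counts as an empty body, i.e. a mismatch.
        cw_body=$("$FETCH_CMD" "http://$cw_host/.well-known/acme-challenge/$cw_name") || cw_body=""
        if [ "$cw_body" = "$cw_token" ]; then
            echo "OK $cw_host"
        else
            echo "MISMATCH $cw_host"
            cw_status=1
        fi
    done
    rm -f "$cw_dir/$cw_name"
    return "$cw_status"
}

# Run directly: sudo sh preflight.sh WEBROOT HOST [HOST...]
if [ "$#" -ge 2 ]; then
    check_webroot "$@"
fi
```

With the configuration described in post #9, running it against /Library/Server/Web/Data/Sites/anchorliving for both names would report OK for anchorliving.net and MISMATCH for www.anchorliving.net, which is the virtual-host problem fixed in post #11.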

