Multiple A record certificate

doronyaary · November 7, 2021, 5:32pm

Hello.
This is my domain (for this discussion): example.com
My domain has two A records which point to the same IP address.
A.example.com -> 1.1.1.1
B.example.com -> 1.1.1.1

I ran this command:
certbot -apache -d B.example.com

Everything went OK and apache was updated without any issues. However, when I browsed to my web site (B.doron.com) it said that the certificate is invalid because im not goind to A.example.com

Why A? I specifically mentioned "B.example.com" in the command...
What am I missing?

Thanks!

MikeMcQ · November 7, 2021, 5:50pm

This would be a lot easier if you would provide the actual domain names.

But, one guess is you are redirecting B to A in your Apache conf

If you provide the actual names we could diagnose this properly

griffin · November 7, 2021, 5:53pm

Welcome to the Let's Encrypt Community, Doron

Why not just do this?

certbot --apache -d "A.example.com,B.example.com"

doronyaary · November 7, 2021, 5:53pm

Hi Mike,

Thanks for the quick reply. The browser returns an error saying that Im trying to go to "B" but the certificate is issued on A. Let me try to show you - so my real "A" is called "TASKS" but I specifically requested it on "B". This is the error:

doronyaary · November 7, 2021, 5:54pm

Hi Griffin,

I dont need "A" - thats the issue.

griffin · November 7, 2021, 5:55pm

I think @MikeMcQ is probably on track about the redirect from B to A.

doronyaary · November 7, 2021, 5:57pm

I checked it but there is not any mention in apache for "TASKS"... the only "common ground" here is that I have two A records pointing to the same IP. But, if I execute the command you showed would the certificate be OK for both subdomains?

I mean this command:

certbot -apache -d "A.example.com,B.example.com"

griffin · November 7, 2021, 5:57pm

What is the output of:

sudo apachectl -S

Please put 3 backticks above and below the output, like this:

```
output
```

griffin · November 7, 2021, 5:57pm

Correct. It wouldn't solve the redirect, but it would ensure that both domain names are covered by the certificate being served.

SNI will handle that easily.

doronyaary · November 7, 2021, 5:58pm

Let me try...

griffin · November 7, 2021, 6:01pm

You might not have your Apache VirtualHosts configured correctly.

Hence...

doronyaary · November 7, 2021, 6:02pm

What does this error mean? when executing the command:

The requested pache plugin does not appear to be installed

What am I missing here? It worked find with one subdomain earlier...

griffin · November 7, 2021, 6:03pm

It needs to be --apache, not -apache. Missing a hyphen.

doronyaary · November 7, 2021, 6:07pm

Griffin,

You did the trick with the "A.example.com,B.example.com" command!

Much appreciated !!!

griffin · November 7, 2021, 6:08pm

It's a bandaid, but it will get you moving along until you get your Apache configuration how you want it.

Be sure to look in your .htaccess files for goofiness as well.

doronyaary · November 7, 2021, 6:16pm

Thanks!

system · December 7, 2021, 6:17pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.