I will try
No, you can't get a wildcard cert using http validation. But again, why were you trying to use DNS validation in the first place?
Well, tbh I read about DNS validation on the internet; also, it's my first time using certbot.
That ("-0001") is usually a sign of things not going as expected.
What shows?:
certbot certificates
If I can't get a wildcard, can I do something like this?
sudo certbot certonly --manual -d lerg.lt -d www.lerg.lt -d vvp.lerg.lt
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: lerg.lt-0001
Serial Number: 398cab2e1dcebb120cbe98f935d9c4b46d0
Key Type: RSA
Domains: lerg.lt
Expiry Date: 2023-06-12 20:43:09+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/lerg.lt-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/lerg.lt-0001/privkey.pem
Certificate Name: lerg.lt
Serial Number: 45042445548658c11d98d130a2cf1e76f95
Key Type: RSA
Domains: lerg.lt www.lerg.lt
Expiry Date: 2023-06-08 14:32:29+00:00 (VALID: 85 days)
Certificate Path: /etc/letsencrypt/live/lerg.lt/fullchain.pem
Private Key Path: /etc/letsencrypt/live/lerg.lt/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You aren't answering the question, and that's making it hard to help you. If there's a guide you're following, a link would be helpful. If you just decided on your own to do it, why?
Generally speaking, DNS validation is only viable if you're using a DNS host with an API that certbot supports, to allow it to automate changes to the records--and even if you do, it's generally more complicated to work with than HTTP validation. That means that, unless you have a particular need for DNS validation (which would ordinarily be only in cases where you wanted a wildcard cert, or where you wanted a cert for a server that isn't accessible from the public Internet), you shouldn't be using it.
The first cert is pretty much useless:
Let's get rid of that one [if your web server isn't using it], with:
certbot delete --cert-name lerg.lt-0001
Then reshow:
certbot certificates
Well, I deleted that and only have this:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: lerg.lt
Serial Number: 45042445548658c11d98d130a2cf1e76f95
Key Type: RSA
Domains: lerg.lt www.lerg.lt
Expiry Date: 2023-06-08 14:32:29+00:00 (VALID: 85 days)
Certificate Path: /etc/letsencrypt/live/lerg.lt/fullchain.pem
Private Key Path: /etc/letsencrypt/live/lerg.lt/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Well, I read some random post on the internet on how to do it.
To add to @danb35's pint:
The whole pint of LE is automation [that's why certs are so short-lived (90 days)].
If you aren't going to automate the certificate renewals, you might as well buy a one year cert and only have to be bothered renewing it once a year.
[ Yes, I purposely spelled point as pint - no need to correct me ]
Well, I want to get the certificate working first, and later I will consider buying or maybe automating it.
There is 85 days of life left in that one, we should let it live a bit [before killing it - lol]
So, since the content will be different - thus the vhost will also be different, I see no relevant/dire reason to merge the three names onto one cert.
So...
You can probably obtain a single cert for vvp using HTTP-01 authentication [instead of DNS-01] and automate it so that it renews all on its own.
[then on the next renewal, we can do the same for the other cert/two names]
To that end, try:
Maybe you should start by reading some docs. Start here:
...and then:
I stand corrected!
[and first in line at the tap]
Well, I have tried that and am getting this:
Challenge failed for domain vvp.lerg.lt
http-01 challenge for vvp.lerg.lt
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: vvp.lerg.lt
Type: unauthorized
Detail: 80.209.237.42: Invalid response from
http://vvp.lerg.lt/.well-known/acme-challenge/jmOIQ_y9IoGfem1DN-1cPp1X6SQ7PMTTzDUV1jjO3gw:
400
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
You're not showing the choices made prior to that.
That is the full output:
sudo certbot certonly --manual -d vvp.lerg.lt
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Requesting a certificate for vvp.lerg.lt
Performing the following challenges:
http-01 challenge for vvp.lerg.lt
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:
jmOIQ_y9IoGfem1DN-1cPp1X6SQ7PMTTzDUV1jjO3gw.BTYdvn8zv5JjwijnYjvL-ins8n0hk9rW3loEY8biQOY
And make it available on your web server at this URL:
http://vvp.lerg.lt/.well-known/acme-challenge/jmOIQ_y9IoGfem1DN-1cPp1X6SQ7PMTTzDUV1jjO3gw
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Challenge failed for domain vvp.lerg.lt
http-01 challenge for vvp.lerg.lt
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: vvp.lerg.lt
Type: unauthorized
Detail: 80.209.237.42: Invalid response from
http://vvp.lerg.lt/.well-known/acme-challenge/jmOIQ_y9IoGfem1DN-1cPp1X6SQ7PMTTzDUV1jjO3gw:
400
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Supplemental information:
$ curl http://vvp.lerg.lt/.well-known/acme-challenge/sometestfile
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
</p>
<hr>
<address>Apache/2.4.54 (Debian) Server at qkqy.c.dedikuoti.lt Port 80</address>
</body></html>
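
An added example, not part of any post in the thread: a small offline classifier for the response a server gives at an HTTP-01 challenge URL, run here against the 400 response shown in the curl output above. The function name `diagnose_http01` and its category strings are hypothetical; the token and key authorization are the ones certbot printed in the thread, and the sample body is constructed from the curl output.

```python
# Added example: classify the plain-HTTP response served at an HTTP-01 challenge URL.
# diagnose_http01 and its category names are hypothetical, not certbot features.

# Token and key authorization as printed by certbot in the thread.
TOKEN = "jmOIQ_y9IoGfem1DN-1cPp1X6SQ7PMTTzDUV1jjO3gw"
KEY_AUTH = TOKEN + ".BTYdvn8zv5JjwijnYjvL-ins8n0hk9rW3loEY8biQOY"

# Sample input constructed from the curl output in the thread (abridged).
SAMPLE_STATUS = 400
SAMPLE_BODY = (
    "<title>400 Bad Request</title>\n"
    "Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />\n"
    "<address>Apache/2.4.54 (Debian) Server at qkqy.c.dedikuoti.lt Port 80</address>\n"
)


def diagnose_http01(status, body, token, key_auth):
    """Return a short category for one response to
    GET http://<domain>/.well-known/acme-challenge/<token>."""
    if not key_auth.startswith(token + "."):
        raise ValueError("key authorization must start with '<token>.'")
    if status == 400 and "plain HTTP to an SSL-enabled server port" in body:
        # Apache sends this when the vhost answering on this port has TLS
        # enabled, so the plain-HTTP request never reaches the challenge file.
        return "tls-on-port-80"
    if status == 404:
        return "file-not-served"
    if status == 200:
        # The file must contain just the key authorization; trailing
        # whitespace is ignored here (an assumption of this example).
        return "ok" if body.rstrip() == key_auth else "wrong-content"
    return "unexpected-status-%d" % status


if __name__ == "__main__":
    # Prints the category for the response captured in the thread.
    print(diagnose_http01(SAMPLE_STATUS, SAMPLE_BODY, TOKEN, KEY_AUTH))
```
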