Hey guys, huge fan of this project since day one and truly believe this has made the web a better place for us all!
I run Portainer serving an nginx reverse proxy and want to terminate SSL there. It serves two domains and a number of subdomains, so I want to get a wildcard cert for the two.
My domain is: kanzie.com & levinilsson.com. I’m running the container from linuxserver and have configured it to the best of my understanding from the docs. I have spent the better part of the day trying to google my way to a solution but have to give up and ask for support here.
When running the certbot command the feedback is:
TZ=Europe/Berlin
URL=kanzie.com
SUBDOMAINS=wildcard
EXTRA_DOMAINS=levinilsson.com
ONLY_SUBDOMAINS=false
DHLEVEL=2048
VALIDATION=dns
DNSPLUGIN=cloudflare
EMAIL=kanzie@redacted.com
STAGING=false
2048 bit DH parameters present
SUBDOMAINS entered, processing
Wildcard cert for kanzie.com will be requested
EXTRA_DOMAINS entered, processing
Extra domains processed are: -d levinilsson.com
E-mail address entered: kanzie@redacted.com
dns validation via cloudflare plugin is selected
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No match found for cert-path /config/etc/letsencrypt/live/levinilsson.com/fullchain.pem!
nerating new certificate (SIC)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-cloudflare, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for kanzie.com
dns-01 challenge for kanzie.com
dns-01 challenge for levinilsson.com
Waiting 10 seconds for DNS changes to propagate
Waiting for verification…
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/kanzie.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/kanzie.com/privkey.pem
Your cert will expire on 2019-12-02. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
“certbot renew”
My web server is (include version):
nginx, using container from linuxserver.io. https://hub.docker.com/r/linuxserver/letsencrypt
The operating system my web server runs on is (include version):
Ubuntu 18.04
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
If I go to levinilsson.com I get a broken padlock because the certificate is registered for *.kanzie.com, so it seems to be serving that primary cert for all requests regardless of SNI?
Right now my server just died so I can’t access any of the configuration files, but I hope that this is enough for now to point me in the right direction or let me know what information I need to provide for you to be able to guide me towards a solution.
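A name-coverage check for the request shown in the log, added here as an example and not part of the original post or the linuxserver image. It assumes the certificate's SAN list is exactly the three names behind the dns-01 challenges (kanzie.com, *.kanzie.com, levinilsson.com) and that a wildcard matches one left-most label only; the subdomain labels used as test hosts are hypothetical.

```python
# Added example: which hostnames does a given SAN list cover?
# Wildcard rule applied: "*" is allowed only as the whole left-most label
# and stands for exactly one label.

def san_matches(hostname: str, san: str) -> bool:
    """True if one dNSName SAN entry covers hostname (case-insensitive)."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        # One label per wildcard, so the label counts must agree.
        return False
    if pattern[0] == "*":
        # Reject overly broad patterns such as "*.com"; compare the rest exactly.
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern


def covered_by(hostname, sans):
    """Return the SAN entries covering hostname (empty list = name mismatch)."""
    return [s for s in sans if san_matches(hostname, s)]


# Assumed SAN list, inferred from the three dns-01 challenges in the log.
REQUESTED_SANS = ["kanzie.com", "*.kanzie.com", "levinilsson.com"]

# Constructed hostnames to check; the subdomain labels are hypothetical.
SAMPLE_HOSTS = [
    "kanzie.com",
    "app.kanzie.com",
    "a.b.kanzie.com",
    "levinilsson.com",
    "www.levinilsson.com",
]


def report(hosts=SAMPLE_HOSTS, sans=REQUESTED_SANS):
    """Map each hostname to the SAN entries that cover it."""
    return {h: covered_by(h, sans) for h in hosts}


if __name__ == "__main__":
    for host, hits in report().items():
        status = "covered by " + ", ".join(hits) if hits else "NOT covered"
        print(f"{host:24} {status}")
```

Under these assumptions the bare levinilsson.com is covered, while any subdomain of levinilsson.com is not, because the wildcard was requested only for kanzie.com.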