As far as I understand this will get me 2 certs, one for the domain1 and 1 for domain 2 (and all of the included subdomains).
What I really need is one certificate for all of them, but from what I’ve read the webroot plugin will give me an error, as it needs to validate the root path of the website but, due to my configuration (I’m using Apache), each domain is on its own path (/home/DOMAIN/public_html/).
I don’t really want to mess up the server as it’s already in production (the http part).
OK, so last week I reached the 5 certificates limit and had to wait a week for it to renew. Now I’m back at it and when I run the command I get this:
I looked for the certs in /etc/letsencrypt/live and there was nothing there, so I did a search on my server and it turns out they are being stored in /etc/letsencrypt/archive/www.DOMAIN.com/
So I tried to use those certs (weird that it put them there instead of live, but I tried it just in case) and when I try to access a website it says the certificate is not valid as it has been issued by happy hacker fake CA.
I’m new to all this server/certificate stuff so I’m pretty sure I messed it up somewhere and I don’t really know where…
Before this, last week, I tried deleting all folders and certificates of the website under /etc/letsencrypt/live and the conf file under /etc/letsencrypt/renewal/
Maybe that’s where I went wrong… :S
Thanks a lot
I’m editing myself… So it seems that the certs I refer to a few lines above are the ones I created last week and the new ones are nowhere to be seen… so I basically have no idea where they are… I’m gonna try deleting the directories in the “archive” as well as the conf files and see what happens… hopefully I will not get a “limit reached” error
Hi @pqangel, I think we really have to figure out some way to discourage people from always deleting stuff under /etc/letsencrypt, since many people have done so and run into problems. There are, as the database people like to say, referential integrity issues, because the various things within that directory refer to one another. If you delete one but not the other, the software can get confused because it may make incorrect assumptions about files that should exist, or about where it can safely save new certificates.
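The cross-references described in the post above can be checked mechanically. The following is an added example, not code from this thread or from certbot itself; it assumes certbot's usual layout, where `renewal/NAME.conf` lists symlinks in `live/NAME/` that point into `archive/NAME/`, and it runs on a constructed temporary tree with made-up lineage names.

```python
import os, shutil, tempfile
from pathlib import Path

KINDS = ("cert", "privkey", "chain", "fullchain")  # the four files per lineage

def parse_renewal_conf(path):
    """Top-level key = value pairs; stops at the first [section] header."""
    values = {}
    for line in Path(path).read_text().splitlines():
        if line.lstrip().startswith("["):
            break
        key, sep, value = line.partition("=")
        if sep and not key.lstrip().startswith("#"):
            values[key.strip()] = value.strip()
    return values

def audit(config_dir):
    """Sorted (lineage, problem) pairs for a certbot-style directory tree."""
    root, problems = Path(config_dir), []
    confs = {p.stem: parse_renewal_conf(p) for p in (root / "renewal").glob("*.conf")}
    for name, values in confs.items():
        for kind in KINDS:  # each conf entry must resolve to a real file
            link = Path(values.get(kind, root / "live" / name / f"{kind}.pem"))
            if not link.exists():  # False for a missing path or a dangling symlink
                problems.append((name, f"{kind}: missing or dangling"))
    for sub in ("live", "archive"):  # directories no renewal conf refers to
        for d in (root / sub).glob("*"):
            if d.is_dir() and d.name not in confs:
                problems.append((d.name, f"{sub}/ has no renewal conf"))
    return sorted(problems)

def make_lineage(root, name):
    """Constructed sample lineage: placeholder files, not real keys."""
    archive, live = root / "archive" / name, root / "live" / name
    for d in (archive, live, root / "renewal"):
        d.mkdir(parents=True, exist_ok=True)
    for kind in KINDS:
        (archive / f"{kind}1.pem").write_text("constructed placeholder\n")
        os.symlink(f"../../archive/{name}/{kind}1.pem", live / f"{kind}.pem")
    conf = "".join(f"{k} = {live / (k + '.pem')}\n" for k in KINDS)
    (root / "renewal" / f"{name}.conf").write_text(conf)

def demo():  # one intact lineage, one with live/ and its renewal conf deleted
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        make_lineage(root, "ok.example")
        make_lineage(root, "gone.example")
        shutil.rmtree(root / "live" / "gone.example")
        (root / "renewal" / "gone.example.conf").unlink()
        return audit(root)
```

Calling `audit("/etc/letsencrypt")` as root on a real host is read-only: it lists the inconsistencies and changes nothing.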
You are completely right about it, but when you are a “n00b” like myself sometimes it seems like “the best and fastest” choice…
BTW, doing what I just said I could successfully create the certificates, but it seems I didn’t do something right as now I’m getting a not completely trusted certificate (although it’s signed by letsencrypt and everything seems right…). When I access my website (under WordPress) it says “connection is not safe, parts of this website are not secure (like images)”. But I’m sure this is a theme or WordPress issue.
I’m also having a hard time with authentication and signing emails… (Gmail says my mails are not signed…) so I’ll dig around and see what I get, although suggestions are welcome.
The most common reason for your site “not being trusted” when everything else looks right is because you are loading images via http not https. Try checking your domain at https://www.whynopadlock.com/
All I’ve got left is to figure out an authentication error I have on my mail server, but that’s a completely different story that has nothing to do with letsencrypt.
If you have a certificate for the server name, then that is usually sufficient (if you use the full chain) for configuring email for Google and others to accept.
The problem I have is logging in from a mail client to my mail server (postfix). I can log in correctly using webmail and everything is OK, so I guess I have an issue with the configured certificates (it says the certificate is not trusted and then gives me an SMTP authentication error)… I’ll keep digging and post the answer here just in case anyone is interested.
Just use your server name (not domain name) in your mail client (assuming you are using a cert with your server name on it), and all should be good. If that provides you with a suitable solution.