Setup multiple subdomains


#1

Hello,
I use apache.
I need to set up 245 subdomains, and the limit is 100, so first I add all 245 subdomains as “ServerAlias”:
<VirtualHost *:80>
ServerAdmin info@mydomain.com
ServerName mydomain.com
ServerAlias www.mydomain.com
ServerAlias ad.mydomain.com
ServerAlias ae.mydomain.com
ServerAlias af.mydomain.com
ServerAlias ag.mydomain.com
Then I run: certbot --apache
and I select: 1,2,3,4…100
All fine… then I run again: certbot --apache
and I select: 101,102…198 …
It is doing fine, but I get a red error:
Failed redirect for im.mydomain.com
Unable to set enhancement redirect for im.mydomain.com
And the SSL is not working

Are these steps correct?
I tried with “ServerAlias *.mydomain.com” … I did it manually with “certbot-auto” and it created a cert, but none of the subdomain works on ssl.

Any solutions?

Thank you!


#2

You are not going to be able to use a non-wildcard in this case.

A VirtualHost can only have a single SSL certificate, and a single SSL certificate can only have up to 100 domain names featured on it.

You should go back to this approach. Use a wildcard, and then tell us exactly what troubles you run into.

“none of the subdomain works on ssl” is not enough for us to be able to help you.


#3
root@MYDOMAIN ~/certbot # ./certbot-auto certonly --manual -d *.MYDOMAIN.com --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/MYDOMAIN.com-0001/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/MYDOMAIN.com-0001/privkey.pem
   Your cert will expire on 2019-06-02. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

root@MYDOMAIN ~/certbot #

Then I look at the certificates (the second one was made with “certbot --apache”)

root@MYDOMAIN ~/certbot # certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Attempting to parse the version 0.31.0 renewal configuration file found at /etc/letsencrypt/renewal/MYDOMAIN.com-0001.conf with version 0.28.0 of Certbot. This might not work.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: MYDOMAIN.com-0001
    Domains: *.MYDOMAIN.com
    Expiry Date: 2019-06-02 04:01:57+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/MYDOMAIN.com-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/MYDOMAIN.com-0001/privkey.pem
  Certificate Name: MYDOMAIN.com
    Domains: MYDOMAIN.com es.MYDOMAIN.com www.MYDOMAIN.com
    Expiry Date: 2019-06-02 03:09:31+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/MYDOMAIN.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/MYDOMAIN.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@MYDOMAIN ~/certbot #

So I try https://cl.MYDOMAIN.com and it is not working… What could be the problem??
Thank you!


#4

OK, I fixed this, first with “certbot --apache”, then with
certbot certonly --manual -d MYDOMAIN.com -d *.MYDOMAIN.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory

In the .conf I have:
<VirtualHost *:80>
ServerAdmin info@mydomain.com
ServerName mydomain.com
ServerAlias *.mydomain.com
DocumentRoot /var/www/mydomain.com/www

Thx to all! See you in 3 months 🙂
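
An added example, not part of any post above: a small check of which ServerName/ServerAlias hostnames a certificate's name list covers, showing why the certificate in #3 (only `*.MYDOMAIN.com`) and the one in #4 (apex plus wildcard) differ. The sample vhost is constructed, the function names are hypothetical, and the 100-name figure is the limit stated in the thread.

```python
import re

MAX_NAMES_PER_CERT = 100  # per-certificate name limit as stated in the thread

# Constructed sample modelled on the vhost posted in the thread.
SAMPLE_VHOST = """\
<VirtualHost *:80>
    ServerAdmin info@mydomain.com
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    ServerAlias ad.mydomain.com ae.mydomain.com
    ServerAlias cl.mydomain.com
</VirtualHost>
"""

def vhost_names(conf):
    """Collect hostnames from ServerName / ServerAlias directives."""
    names = []
    for line in conf.splitlines():
        m = re.match(r"\s*Server(?:Name|Alias)\s+(.+)", line, re.I)
        if m:
            names += [n.lower() for n in m.group(1).split()]
    return list(dict.fromkeys(names))  # de-duplicate, keep order

def san_matches(san, host):
    """A wildcard name covers exactly one left-most label, never the apex."""
    san, host = san.lower(), host.lower()
    if san == host:
        return True
    if not san.startswith("*."):
        return False
    label, _, parent = host.partition(".")
    return label not in ("", "*") and parent == san[2:]

def uncovered(hosts, sans):
    """Hostnames that no name on the certificate covers."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

def certs_needed(hosts):
    """Certificates required if every name is listed individually."""
    return -(-len(hosts) // MAX_NAMES_PER_CERT)  # ceiling division

if __name__ == "__main__":
    hosts = vhost_names(SAMPLE_VHOST)
    for sans in (["*.mydomain.com"], ["mydomain.com", "*.mydomain.com"]):
        print(sans, "-> not covered:", uncovered(hosts, sans))
    print("certs for 245 explicit names:", certs_needed(["x"] * 245))
```

The names to compare against can be taken from the `Domains:` line of `certbot certificates`.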

