[solved] SSL for primary domain and multiple subdomains

Please fill out the fields below so we can help you better.

My domain is: sympliving.com

I ran this command:

sudo certbot run --apache --webroot-path=/var/www/live/public -d sympliving.com --renew-by-default -w /var/www/dev/public -d dev.sympliving.com -w /var/www/blog -d blog.sympliving.com

It produced this output:

Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for sympliving.com
tls-sni-01 challenge for dev.sympliving.com
tls-sni-01 challenge for blog.sympliving.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. dev.sympliving.com (tls-sni-01): urn:acme:error:malformed :: The request message was malformed :: Server only speaks HTTP, not TLS, blog.sympliving.com (tls-sni-01): urn:acme:error:malformed :: The request message was malformed :: Server only speaks HTTP, not TLS

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: dev.sympliving.com
   Type:   malformed
   Detail: Server only speaks HTTP, not TLS

   Domain: blog.sympliving.com
   Type:   malformed
   Detail: Server only speaks HTTP, not TLS

   To fix these errors, please make sure that you did not provide any
   invalid information to the client, and try running Certbot again.

My web server is (include version): Apache/2.4.25 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 17.04

My hosting provider, if applicable, is: Google Compute Engine

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

hi @kneeki

The error is pretty well explained

Server only speaks HTTP, not TLS

Have a look at what the --apache flag does in the documentation User Guide — Certbot 2.7.0.dev0 documentation

Also have a look at the functioning of the --webroot flag: User Guide — Certbot 2.7.0.dev0 documentation

The documentation provides a good mapping of authenticators and which challenges they support

https://certbot.eff.org/docs/using.html#getting-certificates-and-choosing-plugins

Feel free to ask questions; however, your command is flawed, as it's trying to use two different authenticators (things that prove that you own the domain) at the same time.

Andrei

I found a solution to my problem. It turns out nothing was wrong with my Apache2 configuration files. The problem was with two files, one located in /etc/apache2/sites-enabled and one in /etc/apache2/sites-available; both files were named 000-default-le-ssl.conf.

I’m unsure how these files got there, but deleting them then using sudo letsencrypt --apache fixed the problem. SSL is up and running on both my primary and sub-domains!

glad you got it sorted

btw - not to be picky, but deleting the files below is to do with Apache configuration files :smiley: Files in those locations are used by Apache when it loads.

000-default-le-ssl.conf

Andrei

The -le is for “Let’s Encrypt”. Those files were previously created by Certbot!

So, it was probably a bug in how Certbot interacted with the existing configuration. I’m not sure exactly what the problem was without seeing the whole configuration.
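An added example (not from any of the posts above, and not Certbot's own code): a small shell audit of an Apache site directory that lists each vhost, flags port 443 vhosts with no certificate configured, and reports requested names that no TLS-enabled vhost declares, which is the condition the "Server only speaks HTTP, not TLS" detail points at. The function names, the example.test hostnames and the sample files are constructed; on a real host the directory would be /etc/apache2/sites-enabled.

```shell
# Added example: audit an Apache site directory for TLS-enabled :443 vhosts.
# Function names, hostnames and sample files below are constructed.

# One line per <VirtualHost> block: file|address|tls(yes/no)|comma-separated names
list_vhosts() {
    local f
    for f in "$1"/*.conf; do
        [ -e "$f" ] || continue
        awk -v file="${f##*/}" '
            { d = tolower($1) }
            d ~ /^<virtualhost/ { addr = $2; sub(/>$/, "", addr); tls = "no"; names = ""; next }
            d == "servername" || d == "serveralias" {
                for (i = 2; i <= NF; i++) names = names (names ? "," : "") $i }
            d == "sslcertificatefile" || (d == "sslengine" && tolower($2) == "on") { tls = "yes" }
            d ~ /^<\/virtualhost/ { print file "|" addr "|" tls "|" names }
        ' "$f"
    done
}

# :443 vhosts with no certificate configured (they would answer in plain HTTP).
plain_http_on_443() {
    list_vhosts "$1" | awk -F'|' '$2 ~ /:443$/ && $3 == "no"'
}

# Requested names that no TLS-enabled :443 vhost declares.
names_without_tls() {
    local dir=$1 name; shift
    for name in "$@"; do
        list_vhosts "$dir" | awk -F'|' -v n="$name" '
            $2 ~ /:443$/ && $3 == "yes" { k = split($4, a, ",")
                for (i = 1; i <= k; i++) if (a[i] == n) found = 1 }
            END { exit (found ? 0 : 1) }' || echo "$name"
    done
}

# Constructed sample site directory (not the poster's real configuration).
make_sample() {
    local d; d=$(mktemp -d)
    printf '%s\n' '<IfModule mod_ssl.c>' '<VirtualHost *:443>' \
        '  ServerName example.test' '  SSLCertificateFile /path/to/fullchain.pem' \
        '</VirtualHost>' '</IfModule>' > "$d/000-default-le-ssl.conf"
    printf '%s\n' '<VirtualHost *:443>' '  ServerName blog.example.test' \
        '</VirtualHost>' > "$d/blog.conf"
    printf '%s\n' '<VirtualHost *:80>' '  ServerName dev.example.test' \
        '</VirtualHost>' > "$d/dev.conf"
    echo "$d"
}

dir=$(make_sample)
list_vhosts "$dir"; plain_http_on_443 "$dir"; rm -rf "$dir"
```

The check only reads directives written inside each vhost file; a vhost that gets its TLS settings solely through an Include is reported as "no".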
