SSL on a different IP address

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
This is a government website
I ran this command:

It produced this output:

My web server is (include version):
CentOS 8 x64
The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes, Plesk
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Certbot latest version

I have my main domain Let's Encrypt enabled, hosted off prem by my web host provider. I'm planning to host my subdomain on prem, but uploaded to my web host provider to be accessible online. I successfully installed Let's Encrypt and Certbot on my subdomain. My problem is that I can't enable my SSL on my subdomain using my web host provider's Plesk due to different IP addresses.

1 Like

Welcome to the Let's Encrypt Community 🙂

Could you clarify what "uploaded to my web host provider" means here? Is this mirrored or aliased or ?

1 Like

The subdomain is pointed / forwarded to my public IP address, which is my web server on prem. When I visit my subdomain, it's not SSL. I uploaded my CSR or PEM files to the SSL section in Plesk but got an error because my web host provider's IP is different on my subdomain. I just use my subdomain from my web host provider so that it's accessible online.

1 Like

Did you create an A record in the DNS pointing your subdomain to the public IP address of your on prem machine that hosts the content?

1 Like

I'm new to this kind of stuff. I didn't point any A records. Do I do the pointing from Plesk to my on prem?

1 Like

It's OK to be new. 🙂

The DNS records are for your domain name, not a specific device or program. You should be able to go through the company's website where your domain is registered. If I knew your domain name, I could look the records up directly.

1 Like

My subdomain is pointed at my web host provider's IP. Should I change it to my on prem public IP?

1 Like

Let's say that your domain name is example.com:

You need an A (address) record in your DNS for example.com that points to the public IP address of the main website hosted off prem by your hosting provider. Your Plesk should belong to this website.

You also need an A (address) record in your DNS for subdomain.example.com that points to the public IP address of the subdomain website hosted on prem by your organization. You would need to install the certificate for this website using something on your organization's server. Warning here: this exposes your organization's server to the outside world (through your firewall if allowed). If you want to avoid this, you would need to make the contents available directly from your hosting provider's server or set up something like a reverse proxy.

1 Like

My domain is pointed at my web provider's IP. I pointed my subdomain at my public IP on prem.

I successfully added my SSL/TLS on my subdomain. I also already enabled it on my subdomain, but it seems it's not working.

Do you mean I need to upload my contents to my web provider as a security measure? Can you enlighten me on reverse proxy?

1 Like

So the certificate and its private key need to be on the server for the domain name it is hosting.

For your main domain website, its certificate, chain, fullchain, and private key should be on the server with the public IP address of your web provider. When you visit this website (with https in front of the address), you should see a padlock you can click to see the certificate.

For your subdomain website, its certificate, chain, fullchain, and private key should be on the server with the public IP address of your on prem machine. When you visit this website (with https in front of the address), you should see a padlock you can click to see the certificate. If you don't see a padlock (but the address has https), that's the next problem to fix.

A reverse proxy is where a server accessible to the public requests content from a server "behind" it that is not accessible to the public. This protects the "private" server from being accessed directly.

1 Like

https://subdomain gives ERR_CONNECTION_REFUSED. But it's working without https.

It seems I'm missing something.

I'm assuming you are trying https://subdomain.maindomain.tld ?

1 Like

Where tld is com, org, gov, or whatever the main part is.

1 Like

Yes. Btw, our main domain is not SSL enabled. I'm just trying to SSL my subdomain on prem. One of our subdomains off prem under our main domain is SSL enabled, so I believe it is possible. I'm just missing something.

1 Like

The two statements above sound completely contradictory. You have Let's Encrypt enabled and yet don't have SSL enabled?

It's quite possible that your erroring subdomain may have the wrong certificate or a missing intermediate certificate.

My main domain is not SSL. No Let's Encrypt on that one, but one of my subdomains is SSL enabled with Let's Encrypt and currently working. Let's call it subdomain A. Subdomain A is hosted by our web provider.

Now, my subdomain B, which is on prem, I'd like to enable SSL on. I already set up the SSL, but when I visit the subdomain, it's still not SSL.

Just gonna share, it might help. My on prem web server has 2 NICs: NIC1 is for our local network, NIC2 works like our DMZ. I have a router which forwards public requests to NIC2 when my public IP is being accessed.

1 Like

When you visit subdomain b from a browser on a machine that's on prem, you get a connection refused error, right? Does the error have an HTTP code? 403 maybe?

When I visit it with https://subdomainB I get connection refused. But when I visit subdomainB directly, there is no error. I can see the Apache web test page without any problems.

Is there a code that goes with connection refused? It's usually a port 443 configuration or firewall issue.
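Added example, not posted by anyone in this thread: a small standard-library Python script that runs the checks the replies walk through in order (the A record from the DNS reply, the port 80 versus port 443 reachability question raised here, and the browser-style certificate check described in the padlock reply). The hostname and IP addresses are placeholders, and the three network functions are parameters of `diagnose()` so the logic can be exercised against fakes without a network; everything else is real `socket`/`ssl` calls.

```python
"""Why does http://subdomain work while https://subdomain is refused?

Checks, in the order the thread took them:
  1. DNS: does the subdomain's A record point at the on-prem public IP?
  2. TCP: does that IP accept connections on 80 (HTTP) and 443 (HTTPS)?
     "refused" = the host answered but nothing listens on that port;
     "unreachable" = a firewall or router dropped the packets.
  3. TLS: if 443 is open, does a browser-like client (default trust store,
     hostname check on) accept the certificate served for that name?
Hostnames/IPs used in the usage line are placeholders (example code).
"""
import socket
import ssl
import sys


def resolve_a(hostname):
    """IPv4 addresses the system resolver returns for hostname (sorted, unique)."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def tcp_probe(ip, port, timeout=3.0):
    """'open' if the port accepts a connection, 'refused' if the host actively
    rejects it (nothing listening), 'unreachable' on timeout or routing failure."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"


def tls_check(hostname, ip, port=443, timeout=3.0):
    """Real TLS handshake to ip:port with SNI=hostname, verified against the
    default trust store. Returns ('ok', [DNS names in the cert]) or
    ('cert_error', reason) / ('tls_error', reason)."""
    ctx = ssl.create_default_context()  # verifies chain and hostname like a browser
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
                names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
                return ("ok", names)
    except ssl.SSLCertVerificationError as exc:
        return ("cert_error", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls_error", str(exc))


def diagnose(hostname, expected_ip, resolver=resolve_a, prober=tcp_probe, tls=tls_check):
    """Run the checks and return a dict of raw results plus plain-language advice.
    The network functions are injectable so the decision logic can be tested offline."""
    report = {"dns_ok": False, "http": None, "https": None, "tls": None, "advice": []}
    ips = resolver(hostname)
    if expected_ip not in ips:
        report["advice"].append(
            f"DNS: {hostname} resolves to {ips or 'nothing'}, not {expected_ip}; "
            "fix the A record at your DNS provider before anything else")
        return report  # nothing else is meaningful until DNS is right
    report["dns_ok"] = True
    report["http"] = prober(expected_ip, 80)
    report["https"] = prober(expected_ip, 443)
    if report["https"] == "refused":
        report["advice"].append(
            "443 refused: the host answers but nothing is listening for HTTPS "
            "(no :443 VirtualHost with SSLEngine on, or the router forwards only port 80)")
    elif report["https"] == "unreachable":
        report["advice"].append(
            "443 unreachable: a firewall or the router is dropping HTTPS "
            f"(port 80 is {report['http']} for comparison)")
    else:
        report["tls"] = tls(hostname, expected_ip)
        status, detail = report["tls"]
        if status == "ok":
            report["advice"].append(f"TLS: OK, certificate is valid for {detail}")
        else:
            report["advice"].append(
                f"TLS: {detail}; the server sent the wrong certificate or an "
                "incomplete chain (serve fullchain.pem, not cert.pem alone)")
    return report


if __name__ == "__main__":
    # usage: python diagnose.py subdomain.example.com 203.0.113.10
    for line in diagnose(sys.argv[1], sys.argv[2])["advice"]:
        print(line)
```

Run it from a machine outside the on-prem network, since the resolver and the router port-forward are what a visitor's browser sees; from inside, NIC1 may answer and hide the problem.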

No error code. Just a plain ERR_CONNECTION_REFUSED

1 Like