Subdomain cert maybe wrong setup

Hello,

I’m running WordPress certified by Bitnami on a Google Cloud VM instance, and I have trouble setting up a cert for a subdomain.

My site is under domain www.domain.com but my subdomain (set up as a virtual host in /home/PROJECT/apps/wordpress/conf/httpd-vhosts.conf) static.domain.com points to www.domain.com/wp-content/ so that I can serve static content from a cookieless subdomain.

The SSL cert for domain.com works OK, but the problem is that I cannot generate a certificate for the subdomain because it says that the type is unauthorized.

Directory browsing is disabled for subdomain.

I think that permissions are the problem. Can someone please help with this setup?

Thanks

When I try to run

root@website-vm:/tmp/certbot# ./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d static.domain.com

I get error:

Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for static.domain.com
Using the webroot path /opt/bitnami/apps/wordpress/htdocs for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. static.domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://static.domain.com/.well-known/acme-challenge/Zutn_kd1W9_VJNRIOuQcEx1PFo98Xnx3pRwJC5wlxUQ: "

500 Internal Server Error

Inter"

IMPORTANT NOTES:

static.domain.com is resolved ok by web browser. If I create file test.txt under

www.domain.com/wp-content/test.txt I can see that file in browser.

When you are using different document roots for these domains, I would recommend redirecting the location //static.domain.com/.well-known/acme-challenge to //www.domain.com/.well-known/acme-challenge. So you can place both challenges into one directory.

This is httpd-vhosts.conf

<VirtualHost *:443>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/domain.com/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/domain.com/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/domain.com/chain.pem"
Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

<VirtualHost *:443>
ServerName static.domain.com
ServerAlias www.static.domain.com
DocumentRoot "/opt/bitnami/apps/wordpress/htdocs/wp-content"
SSLEngine on
#certs not generated
Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

This is not relevant for http, only for https. You are using http-01 authentication.

<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

<VirtualHost *:80>
ServerName static.domain.com
ServerAlias www.static.domain.com
DocumentRoot "/opt/bitnami/apps/wordpress/htdocs/wp-content"
Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

Try adding the following to the second virtual host:

Redirect /.well-known/acme-challenge/ http://domain.com/.well-known/acme-challenge/

Please note: domain.com should be the real domain name.
You have to restart your webserver software (Apache) afterwards.

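Added example (not part of the original thread, and not certbot's or Bitnami's code): a preflight check for the situation discussed above, where `certbot --webroot -w <path>` writes the challenge file under `<path>/.well-known/acme-challenge/` but the vhost for the requested name has a different DocumentRoot. It reads a vhost file and reports whether the port-80 vhost for a name serves the webroot directly, redirects the challenge prefix, or does neither. The function names and the sample config are constructed for illustration, and only DocumentRoot and Redirect are considered, not Alias or rewrite rules.

```python
import re
import shlex

ACME_PREFIX = "/.well-known/acme-challenge/"
# http-01 validation starts on port 80, so only *:80 vhosts are inspected.
VHOST_80 = re.compile(r"<VirtualHost\s+[^>]*:80\s*>(.*?)</VirtualHost>", re.S | re.I)
# Constructed sample, modelled on the two port-80 vhosts posted in the thread.
SAMPLE_CONF = """
<VirtualHost *:80>
  ServerName domain.com
  DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
</VirtualHost>
<VirtualHost *:80>
  ServerName static.domain.com
  DocumentRoot "/opt/bitnami/apps/wordpress/htdocs/wp-content"
</VirtualHost>
"""
# The same file with the Redirect suggested in the thread in the second vhost.
FIXED_CONF = SAMPLE_CONF.replace('wp-content"\n', 'wp-content"\n  Redirect '
    '/.well-known/acme-challenge/ http://domain.com/.well-known/acme-challenge/\n')

def parse_vhosts(conf):
    """Collect names, DocumentRoot and Redirect rules of each port-80 vhost."""
    vhosts = []
    for body in VHOST_80.findall(conf):
        vh = {"names": [], "docroot": None, "redirects": []}
        for line in body.splitlines():
            parts = shlex.split(line, comments=True)
            key = parts[0].lower() if parts else ""
            if key in ("servername", "serveralias"):
                vh["names"] += parts[1:]
            elif key == "documentroot" and len(parts) > 1:
                vh["docroot"] = parts[1].rstrip("/")
            elif key == "redirect" and len(parts) >= 3:
                vh["redirects"].append((parts[-2], parts[-1]))  # (URL-path, target)
        vhosts.append(vh)
    return vhosts

def check_webroot(conf, webroot, domain):
    """Say how Apache would answer <domain>/.well-known/acme-challenge/<token>."""
    for vh in parse_vhosts(conf):
        if domain not in vh["names"]:
            continue
        for src, dst in vh["redirects"]:
            if ACME_PREFIX.startswith(src):  # Redirect matches by URL-path prefix
                return ("redirect", dst)
        same = vh["docroot"] == webroot.rstrip("/")
        return ("direct" if same else "mismatch", vh["docroot"])
    return ("no-vhost", None)
```

Calling `check_webroot(SAMPLE_CONF, "/opt/bitnami/apps/wordpress/htdocs/", "static.domain.com")` returns a `mismatch` result, and the same call on `FIXED_CONF` returns a `redirect` result.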

This is a real domain pointed to a Google Cloud DNS zone.

Resolving is not the issue.

I will try your suggestion later and let you know.

Thanks

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/static.domain.com/fullchain.pem

Thanks !!
