Subdomain cert maybe wrong setup

Hello,

I’m running Wordpress certified by Bitnami on Google cloud VM instance, and I have trouble with setting cert for subdomain.

My site is under domain www.domain.com but my subdomain (set up as virtual host in /home/PROJECT/apps/wordpress/conf/httpd-vhosts.conf ) static.domain.com points to www.domain.com/wp-content/ so that I can server static content from cookieless subdomain.

SSL cert for domain.com work Ok, but problem is that I cannot generate certificate for subdomain because it says that type is unautorized.

Directory browsing is disabled for subdomain.

I think that permissions are problem. Can someone please help with this setup.

Thanks

When I try to run

root@website-vm:/tmp/certbot# ./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d static.domain.com

I get error:

Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for static.domain.com
Using the webroot path /opt/bitnami/apps/wordpress/htdocs for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. static.domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://static.domain.com/.well-known/acme-challenge/Zutn_kd1W9_VJNRIOuQcEx1PFo98Xnx3pRwJC5wlxUQ: "

500 Internal Server Error

Inter"

IMPORTANT NOTES:

static.domain.com is resolved ok by web browser. If I create file test.txt under

www.domain.com/wp-content/test.txt I can see that file in browser.

When you are using different document roots for these domains, i would recommend redirecting the location //static.domain.com/.well-known/acme-challenge to //www.domain.com/.well-known/acme-challenge. So you can place both challenges into one directory.

This is httpd-vhosts.conf

<VirtualHost *:443>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/domain.com/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/domain.com/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/domain.com/chain.pem"
Include “/opt/bitnami/apps/wordpress/conf/httpd-app.conf”

<VirtualHost *:443>
ServerName static.domain.com
ServerAlias www.static.domain.com
DocumentRoot "/opt/bitnami/apps/wordpress/htdocs/wp-content"
SSLEngine on
#certs not generated
Include “/opt/bitnami/apps/wordpress/conf/httpd-app.conf”

This is not relevant for http, only for https. You are using http-01 authentication.

<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
Include “/opt/bitnami/apps/wordpress/conf/httpd-app.conf”

<VirtualHost *:80>
ServerName static.domain.com
ServerAlias www.static.domain.com
DocumentRoot "/opt/bitnami/apps/wordpress/htdocs/wp-content"
Include “/opt/bitnami/apps/wordpress/conf/httpd-app.conf”

Try adding the following to the second virtual host:

Redirect /.well-known/acme-challenge/ Website Domain Names, Online Stores & Hosting | Domain.com

Please note: domain.com should be the real domain name.
You have to restart your webserver software (Apache) afterwards.

This is real domain pointed to google cloud dns zone.

Resolving is not the issue.

I will try your your suggestion later and let you know.

Thanks

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/static.domain.com/fullchain.pem

Thanks !!