The canonical name for my web domain is not on the same server as the subdomains I want to secure

We have a domain where the website is hosted with Weebly using their certificate, but I need to protect a couple of subdomains on our own Ubuntu/Apache server. The server hosting the 2 subdomains I want to protect are already set up using an expensive GoDaddy SAN certificate which is expiring soon, and I'd like to use a Let's Encrypt certificate for them instead.

However, reading through all the documentation I can find, the command line for setting this up always includes the canonical name for the domain, then the subdomains. But the actual domain.com/www.domain.com DNS records do not point to the same IP address as the subdomains, and I can't do anything about the Weebly certificate on the main website.

Is this configuration possible?

-Thanks!

1 Like

Sure, just request a certificate for those subdomain(s) on the server running those subdomain(s).

5 Likes

So, on my Ubuntu/Apache server, I just use:

sudo certbot --apache -d sub1.example.com -d sub2.example.com

...but NOT include the "base domain" "-d example.com", which is on the Weebly system?

3 Likes

Correct

4 Likes

Perfect, thanks very much! I was misled by every tutorial I read, where it seemed like the "base domain" was a required part of the command, but I was obviously just interpreting the examples wrong.

Thanks for your speedy response, really appreciate it!

4 Likes