Tried to use --expand; all I got was an error message

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.questview.com

I ran this command: certbot --expand -d questview.com,thinview.com,touchtonecorp.com,wintouch.com,www.questview.com,www.thinview.com,www.touchtonecorp.com,www.wintouch.com,wtweb.touchtonecorp.com,codeondemand.touchtonecorp.com

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn’t know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run “certbot certonly” to do so. You’ll need to manually configure your web server to use the resulting certificate.

My web server is (include version): Apache httpd, 2.4.41

The operating system my web server runs on is (include version): Amazon Linux 2

My hosting provider, if applicable, is: Amazon AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.39.0

The cert is under questview.com. The existing SANs are thinview.com,touchtonecorp.com,wintouch.com,www.questview.com,www.thinview.com,www.touchtonecorp.com,www.wintouch.com. I am attempting to add SANs wtweb.touchtonecorp.com and codeondemand.touchtonecorp.com


Hi @hbquikcomjamesl

is this a good idea?

Do you have one port 80 vHost with all of these domain names?

If not, that may be the reason for your error message.

But it may be easier and better, if you create certificates per main domain (non-www and www) -> then port 80 vHosts with the same set of domain names.

Or use certonly and create the port 443 vHost manually.


Did you use --apache to create the original certificate? Did that work at that time?


I didn’t create the original certificate; others in the company did. Be that as it may, it was created following the procedure given at this procedure at the end of an AWS tutorial.

That said, the procedure calls for installation with
sudo yum install -y certbot python2-certbot-apache
and then calling certbot with
sudo certbot

It somehow knew that it was tying into an Apache server, and it went through all of the VirtualHost blocks in the system, even though each resides in a different file in /etc/httpd/conf.d, and (from what I’m told) it even generated new domain-le-ssl.conf files corresponding to the existing .conf files.


Thanks!

Is each of the names that you included in the unsuccessful --expand command currently listed in an active Apache virtualhost on this system?


Oh, for heaven’s sake! :man_facepalming: I found the problem as I was in the process of building a reply to your last question.

I’d included both the non-SSL and SSL versions of the VirtualHost block in the new .conf file, but the SSL version was malformed (which makes me wonder why Apache tolerated it, but that’s neither here nor there): I left out the
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /<path>.pem
SSLCertificateKeyFile /<path>.pem
and the </IfModule> at the end, after the </VirtualHost>!

I fixed that, and tried the command again, and this time it worked fine.

THANKS! :grinning: :grinning: :grinning: :+1: :+1: :+1:
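
A check for the mistake described in the post above, added here as an example (it is not code from the thread or from Certbot): it reports SSL VirtualHost blocks that lack the three lines the poster names, and container tags that are never closed. The function name `lint_vhosts`, the `:443` test for an SSL vhost and the sample config are assumptions of this example.

```python
import re

REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile", "options-ssl-apache.conf")

def lint_vhosts(text):
    """Return a list of problems found in the text of one Apache .conf file."""
    problems, stack, vhost = [], [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<(/?)(\w+)\s*([^>]*)>$", line)
        if m is None:
            if vhost is not None:  # plain directive inside a VirtualHost
                name = line.split()[0].lower()
                # Record an Include by the file it names, anything else by directive name.
                vhost["seen"].add(line.rsplit("/", 1)[-1] if name == "include" else name)
            continue
        closing, tag, arg = m.group(1), m.group(2), m.group(3)
        if not closing:
            stack.append((tag, n))
            if tag.lower() == "virtualhost":
                # Assumption: an SSL vhost is one whose address ends in :443.
                vhost = {"line": n, "ssl": arg.endswith(":443"), "seen": set()}
        elif not stack or stack[-1][0].lower() != tag.lower():
            problems.append(f"line {n}: unexpected </{tag}>")
        else:
            stack.pop()
            if tag.lower() == "virtualhost":
                if vhost["ssl"]:
                    problems += [f"line {vhost['line']}: SSL VirtualHost lacks {d}"
                                 for d in REQUIRED if d.lower() not in vhost["seen"]]
                vhost = None
    return problems + [f"line {n}: <{t}> never closed" for t, n in stack]

# Constructed sample: a complete SSL block (paths are the post's own placeholders).
FIXED = """\
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName wtweb.touchtonecorp.com
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /<path>.pem
    SSLCertificateKeyFile /<path>.pem
</VirtualHost>
</IfModule>
"""
# The same block with the lines the post says were left out removed again.
BROKEN = "\n".join(l for l in FIXED.splitlines() if not re.search("Include|SSLCert|</If", l))
print("\n".join(lint_vhosts(BROKEN)))
```

Running it over each new file in /etc/httpd/conf.d before calling certbot gives a quick list of the blocks to repair; `apachectl configtest` remains the check for syntax Apache itself rejects.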

