I am trying to follow various tutorials, but something is off. I need to start over.
I have a website that has 1 main domain (ivo-welch.info) and, say, 3 subdomains (www, cfr, book). my goal is https access in addition to http access. nothing fancy. vanilla install. ubuntu. nginx.
first, I opened up /.well-known in /etc/nginx/sites-available/ivo-welch.info.conf for each and every subdomain (server block).
location ~ /.well-known {
    allow all;
}
second, I created empty directories in
/var/www/ivo-welch.info/html/.well-known <-- domain
/var/www/ivo-welch.info/www/.well-known # may not be needed <-- subdomain www
/var/www/ivo-welch.info/book/.well-known
/var/www/ivo-welch.info/cfr/.well-known
third, my magic invocation:
certbot certonly --webroot --webroot-path=/var/www/ivo-welch.info/html \
-d ivo-welch.info -d www.ivo-welch.info -d book.ivo-welch.info -d cfr.ivo-welch.info
Presumably, something goes into /var/www/ivo-welch.info/html/.well-known/*acme*..., and magically allows my users to use https thereafter. as you may suspect, it’s not what I am getting:
www.ivo-welch.info (http-01): urn:acme:error:unauthorized :: \
The client lacks sufficient authorization :: \
Invalid response from http://www.ivo-welch.info/.well-known/acmechallenge/blahblah: "
... a few more
easy, I think. certbot one per subdomain then. fortunately, this gives me no more errors on certbot creation times. unfortunately, now all sorts of interesting warnings and errors appear about how I already have some certificates, whether I want to expand things, etc. I tried a few of these variations, but the end result is that browsers get certificate errors, telling them that book.ivo-welch.info is my www.ivo-welch.info certificate, etc.
so, apologies, I need help:
[a] how do I start over? does the letsencrypt server have snippets related to ivo-welch.conf stored that could mess up further attempts of mine? or should I just remove locally /etc/letsencrypt, /var/*/letsencrypt?
[b] once I am back to zero, what is the recommended way of letsencrypt certbot with a few subdomains?
advice appreciated.
sincerely,
/ivo welch
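
An added example, not part of the original post: the command above passes one `--webroot-path` for all four names, while the post lists a separate directory per subdomain, so this sketch probes each name over HTTP and then builds a certbot command with one `-w` per `-d`. Assumptions: the domain-to-webroot pairs are inferred from the directories in the post, and the function names and the `FETCH` override are hypothetical helpers.

```bash
#!/usr/bin/env bash
# Added example. Domain=webroot pairs are ASSUMED from the directories listed in
# the post; confirm each against the `root` of the matching nginx server block.
PAIRS="ivo-welch.info=/var/www/ivo-welch.info/html
www.ivo-welch.info=/var/www/ivo-welch.info/www
book.ivo-welch.info=/var/www/ivo-welch.info/book
cfr.ivo-welch.info=/var/www/ivo-welch.info/cfr"

# Build certbot arguments: every -d is preceded by the -w it is served from.
build_certbot_args() {   # $1 = certificate name, $2 = newline-separated pairs
    local pair args="certonly --webroot --cert-name $1"
    while IFS= read -r pair; do
        [ -n "$pair" ] || continue
        args="$args -w ${pair#*=} -d ${pair%%=*}"
    done <<EOF
$2
EOF
    printf '%s\n' "$args"
}

# Write a probe file where certbot would put the http-01 token, then fetch it
# over plain HTTP the way the CA does. FETCH can be overridden for offline tests.
probe_webroot() {        # $1 = domain, $2 = webroot
    local dir="$2/.well-known/acme-challenge" token="probe-$$-$(date +%s)" body
    mkdir -p "$dir" && printf '%s' "$token" > "$dir/$token" || return 2
    body=$(${FETCH:-curl -fsS --max-time 10} \
        "http://$1/.well-known/acme-challenge/$token" 2>/dev/null) || body=""
    rm -f "$dir/$token"
    [ "$body" = "$token" ]
}

# Probe every pair; non-zero if any domain is not served from its listed webroot.
preflight_all() {        # $1 = newline-separated pairs
    local pair bad=0
    while IFS= read -r pair; do
        [ -n "$pair" ] || continue
        probe_webroot "${pair%%=*}" "${pair#*=}" && continue
        echo "MISMATCH: ${pair%%=*} is not served from ${pair#*=}" >&2
        bad=1
    done <<EOF
$1
EOF
    return "$bad"
}

# Run as `script.sh run` (as root): prints the command only if all probes pass.
if [ "${1:-}" = "run" ]; then
    preflight_all "$PAIRS" && echo certbot $(build_certbot_args ivo-welch.info "$PAIRS")
fi
```

A MISMATCH line names the host whose nginx `root` differs from the listed webroot, which is the condition that yields the `unauthorized` http-01 response quoted in the post.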