I created two separate certificates using certbot for two separate domains, giftyweddings.com and cdnupload.com. The first certificate looks fine, with common name giftyweddings.com and alternate names giftyweddings.com, www.giftyweddings.com. But SSL Labs shows that the second certificate I created, for cdnupload.com/www.cdnupload.com, contains the certificate for that domain PLUS the giftyweddings.com certificate as “Certificate #2”. Browsers don’t seem to care about this, but I’d like to know how I can create the separate certificates without the giftyweddings.com one injecting itself into the cdnupload.com one.
The certbot command lines I’m using are:
sudo /usr/local/bin/certbot certonly --webroot -w /var/www/html/giftyweddings.com -d giftyweddings.com -d www.giftyweddings.com
sudo /usr/local/bin/certbot certonly --webroot -w /var/www/html/cdnupload.com -d cdnupload.com -d www.cdnupload.com
Links to the SSL Labs reports are:
- https://www.ssllabs.com/ssltest/analyze.html?d=giftyweddings.com
- https://www.ssllabs.com/ssltest/analyze.html?d=cdnupload.com
I could also create a single certificate for all four domains/subdomains, but that seems non-ideal too, as then the common name for cdnupload.com would be “giftyweddings.com” and that seems weird.
Any idea why the two certs are “interfering” with each other and how to fix that? Or any other recommendations or best practices?