Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: leads.expressgroup.ca
I need to know which file to edit to add “-d sitename.ca”
nginx and certbot and letsencrypt are installed
I ran this command: none yet
It produced this output: none
My web server is (include version): not sure
The operating system my web server runs on is (include version): Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-169-generic x86_64)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or if you’re using Certbot): root@host:/etc# certbot --version
From the output, I don’t see that certbot is installed.
Could you please share with us the output of ./certbot-auto --version?
If you are saying you need to add -d sitename.ca, does that mean you want to add that domain to an existing certificate? Or do you want to have a new certificate for that domain?
If you want to add it to a new certificate, you should run ./certbot-auto -d sitename.ca (or certbot, depending on what you actually installed)
I see certbot under /opt/letsencrypt and then under /opt/eff.org
The site runs on another server and cnamed and is pointed from the main server to that server
I have a question: I see the site in question, https://leads.expressgrop.ca, has a valid cert. This site is the one I was asking about.
So the question: Is it true that if the main server and cert are valid, every subdomain will be valid too? It seems to be the case?
That's not true (in your case).
If you want a certificate that would cover both the main domain (site) and the subdomains (first level, such as lead.expressgroup.ca, somethingelse.expressgroup.ca, anotherthing.expressgroup.ca), this is called a wildcard certificate.
For example, see this certificate, it's a clear example of wildcard certificates. Note that this would only cover the first level subdomain.
In your case, your main domain is hosted on your company's server located in Digital Ocean, and the subdomain you mentioned is with another hosting provider in Google Cloud. It's highly likely that (if not you) the hosting provider automatically requested a certificate for this particular subdomain.
Since you use Digital Ocean as your DNS provider, you can utilize their API with a supported ACME client to obtain a wildcard certificate, as it can only be obtained by DNS validation.
TL;DR: The assumption you made can be true, but it's not true in your case. Get a wildcard certificate if you want to cover your domain with all first-level subdomains.
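An added example (not part of the thread and not Certbot's code) of how hostname matching decides which names a certificate covers, with and without a wildcard entry. The SAN lists are constructed for illustration, the function names are hypothetical, and only the whole-label `*` form is handled.

```python
# Added example: which hostnames does a certificate's SAN list cover?
# Simplified RFC 6125-style matching: "*" stands for exactly one whole
# leftmost label. Partial wildcards such as "l*.example.com" never match here.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        # A wildcard never spans more than one label and never matches
        # the bare parent domain.
        return False
    if p_labels[0] == "*":
        # Require at least two labels after the "*" (rejects "*.ca")
        # and a non-empty leftmost label in the hostname.
        return (len(p_labels) > 2
                and h_labels[0] != ""
                and p_labels[1:] == h_labels[1:])
    return p_labels == h_labels


def coverage_report(sans, hostnames):
    """Map each hostname to whether any SAN entry covers it."""
    return {h: any(san_matches(s, h) for s in sans) for h in hostnames}


# Constructed SAN lists (assumptions, not read from any real certificate).
MAIN_ONLY = ["expressgroup.ca", "www.expressgroup.ca"]
WILDCARD = ["expressgroup.ca", "*.expressgroup.ca"]

HOSTS = [
    "expressgroup.ca",
    "leads.expressgroup.ca",
    "a.leads.expressgroup.ca",
]

if __name__ == "__main__":
    for label, sans in (("main only", MAIN_ONLY), ("wildcard", WILDCARD)):
        print(label, sans)
        for host, ok in coverage_report(sans, HOSTS).items():
            print(f"  {host:28} {'covered' if ok else 'NOT covered'}")
```

The wildcard list includes the bare domain as its own entry because `*.expressgroup.ca` alone does not match `expressgroup.ca`.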