This has now returned an output-1234
I have now successfully issued, install and deployed the certificates for smartwealthadvisors.com after removing the reference to the subdomain-app.smartwealthadvisors.com in my commands. But I’m now getting a verify error-DNS problem when I issue a command for just the subdomain.
I cannot resolve the address either. Did you add the subdomain to your DNS?
How do I do that? It’s a live subdomain with SSL, I just want to reissue using let’s encrypt.
No it's not. When I surf to the URL http://app.swealthadvisors.com/ I'm getting a "app.swealthadvisors.com ’s server IP address could not be found." error from my Chromium webbrowser.
The authorative DNS servers (ns21.domaincontrol.com and ns22.domaincontrol.com) return a "NXDOMAIN" when asked for app.swealthadvisors.com
meaning the DNS server doesn't know that subdomain.
However, in my personal opinion (as a volunteer on this community), it is outside the scope of this Let's Encrypt community to tell and/or learn you how to manage your DNS zonefile.
Ah, figures a lot
I just used the URL provided by you in:
Error was from my earlier response. Apologies
I still need help here. The same issue command that was successful for the main domain is giving a verify error-invalid response for a valid and active subdomain. I’m at a loss as to why the verification failed when everything else appears to check out. What should I check/fix to correct this. Is there a separate/different issue command for a subdomain/wildcard? Thanks
Your main domain and subdomain likely have different webroots.
The exact same command isn’t likely to work for both, the -w
parameter has to point to the correct webroot for the specific domain you’re issuing for.
On https://github.com/acmesh-official/acme.sh/wiki/Simple-guide-to-add-TLS-cert-to-cpanel, there is a command which shows how to identify the webroot for your domains and subdomains, if you don’t already know it.
uapi DomainInfo single_domain_data domain=_EXAMPLE.COM_ | grep documentroot
So you could try something like:
uapi DomainInfo single_domain_data domain=smartwealthadvisors.com | grep documentroot
uapi DomainInfo single_domain_data domain=app.smartwealthadvisors.com | grep documentroot
uapi DomainInfo single_domain_data domain=www.app.smartwealthadvisors.com | grep documentroot
and then follow along with the right webroots.
If the issue command worked for www.smartwealthadvisors.com without any verify error, why not for app.smartwealthadvisors.com? Or should I have put in *.smartwealthadvisors.com along with smartwealthadvisors.com to account for both ‘app.’ and ‘www.’ in my initially successfully issued certificate?
Thanks for this. Let me give it a shot.
I just checked and I followed the correct webroot.
The 3rd option returned nothing
If it is the correct webroot, then you should be able to place an file in $WEBROOT/.well-known/acme-challenge/test.txt
and access it at http://app.smartwealthadvisors.com/.well-known/acme-challenge/test.txt.
If we can get that to work, then we can issue a certificate with acme.sh.
That's OK, I just wasn't sure whether the www was the subdomain alias or not.
I already did an echo test and it returned the output
My thoughts exactly..
Can I see the test.txt
file working myself?
Not that I don’t believe you, but there’s really nothing else that can be going wrong.