--webroot-path SAN multidomain folders


#1

Hello,

I have a problem here. As you can see, I have every subdomain and domain in a folder from my hosting provider.

I need to make a SAN multi-domain certificate for this. Because it is on webhosting, where I can't open SSH for root of course, I mounted it with curlFTP to /mnt/LFCZ, so the path to the screened folder (/www/domains/) is /mnt/LFCZ/www/domains

So, as you can see, I want to make a SAN certificate for this and get the certificate and private key for the administration panel of my hosting provider (WEDOS). As you can see, I can add only one certificate for all domains/subdomains.

Administration (I translated it to EN from CZ :smirk: ):

I can post only one image as I am a novice, so here is a link to the AdminScreen: http://www.imagehosting.cz/images/adminpanel.png

I get this Error from letsencrypt:

Command: ./letsencrypt-auto certonly --webroot -w /mnt/LFCZ/www/domains -d life-games.cz -d www.life-games.cz -d www.lf-cz.net -d lf-cz.net -d aukce.lf-cz.net -d launcher.life-games.cz -d residence.life-games.cz -d dl.life-games.cz -d data.life-games.cz -d stats.life-games.cz -d profistats.life-games.cz -d up.life-games.cz

Error: It is too long to post it here :wink: Link: http://pastebin.com/tjzZCcyD
PS: Error 500 means Error 404 due to .htaccess hosting settings.

Can you help me with it? I am running Debian on my VPS, and I can't get to the webserver over SSH because it's webhosting. And if there is a way to make effective auto-renewal, can you help me with that too? I am a novice at SSL, thanks very much :wink:

Simon


#2

The .htaccess part you should try to fix yourself, because I haven’t got a clue what’s in that and how to fix that.

But what I do know is that you should have multiple -w switches: one for every domain. The -w switch needs the exact webroot folder for the domain, not a parent folder with all domains in it. So it should be -w /mnt/LFCZ/www/domains/yourdomain/htdocs -d yourdomain -w /mnt/LFCZ/www/domains/anotherdomain/htdocs -d anotherdomain


#3

OH OK… I see…

But what about auto-renewal for this? I am lost in that system :frowning: But more than one -w switch is all right. :slightly_smiling: And a second question: when I have auto-renewal and I want to add a domain/subdomain, will I just edit the auto-renewal command?
Thank you very much! :slight_smile:


#4

And one more problem :confused:
I'm getting this error:

The error was: PluginError("Couldn't create root for {0} http-01 challenge responses: {1}", 'profistats.lf-cz.net', OSError(1, 'Operation not permitted'))

In this Error, the domain name is random in every run.

I am confused :frowning:


#5

Auto-renewal through a system which isn’t the actual server is of course quite a hassle: normally you would use the Apache or nginx plugin for total automation, but of course, that isn’t possible if the renewal program (script and LE client) is run on a different system.

And “Operation not permitted” could be some form of file system permission problem with your curlFTP system. I have no experience with that, so how to correctly set permissions with that system: I don’t know. When looking at the source, it looks like the problem is with the creation of the /.well-known/acme-challenge/ directory. You could try to mkdir this directory yourself from the same system as where you’re running the LE client from. With the same user and so on. You’ll probably get some sort of same error: some access/permission problem. If you fix that, the LE client probably won’t complain anymore either.
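
An added example, not part of any post in this thread: a preflight script that combines the advice in #2 and #5 by checking that each webroot exists and accepts a file under .well-known/acme-challenge, then building one -w per webroot followed by its -d names. The function names, the `subdir=domain,domain` argument format and the `htdocs` subfolder are assumptions made for illustration; it only prints the command.

```shell
#!/bin/sh
# Added example. BASE is the FTP mount point from the first post.
BASE="${BASE:-/mnt/LFCZ/www/domains}"

# check_webroot DIR
# Succeeds only if DIR exists and a file can be created and removed in
# DIR/.well-known/acme-challenge, which is what the webroot plugin needs.
check_webroot() {
    [ -d "$1" ] || return 1          # catches a mistyped folder name
    dir="$1/.well-known/acme-challenge"
    mkdir -p "$dir" 2>/dev/null || return 1
    probe="$dir/probe.$$"
    ( : > "$probe" ) 2>/dev/null || return 1
    rm -f "$probe"
}

# build_args SPEC...
# SPEC is "subdir=domain[,domain...]" (hypothetical format), where subdir
# is relative to BASE. Prints "-w <webroot> -d <name> ..." for all specs,
# or fails on the first webroot that cannot take a challenge file.
build_args() {
    args=""
    for spec in "$@"; do
        root="$BASE/${spec%%=*}"
        if ! check_webroot "$root"; then
            echo "cannot write challenge files under: $root" >&2
            return 1
        fi
        args="$args -w $root"
        old_ifs=$IFS; IFS=,
        for d in ${spec#*=}; do args="$args -d $d"; done
        IFS=$old_ifs
    done
    printf '%s\n' "${args# }"
}

# Stand-alone use (constructed layout, adjust to the real folders):
#   ./preflight.sh life-games.cz/htdocs=life-games.cz,www.life-games.cz \
#                  lf-cz.net/htdocs=lf-cz.net,www.lf-cz.net
if [ "$#" -gt 0 ]; then
    cmd_args=$(build_args "$@") &&
        echo "./letsencrypt-auto certonly --webroot $cmd_args"
fi
```

Run it as the same user that will run the client, so a permission problem on the mount shows up here rather than in the middle of a challenge.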