Why certbot suggests a subdomain?

Hi, sorry for not providing my domain.

Just want to ask, if you know why certbot suggesting me a subdomain which seems not in my dns settings?
Thank you.

My domain is: example.com

I ran this command: certbot certonly --apache

It produced this output: Which names would you like to activate HTTPS for?


1: m.example.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

My web server is (include version): Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version): ubuntu 20.04
My hosting provider, if applicable, is: Hetzner

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.10.0

1 Like

The apache plugin gets its hostnames, if none are manually chosen, from your Apache configuration, not from DNS. You can manually choose a hostname with the -d option. It doesn't necessary needs to be set in the Apache configuration, although we've seen on this Community that some Apache configurations aren't really compatible with the apache plugin, so YMMV.

2 Likes

It produces that output, because that name is found in the Apache config.
Try:
apachectl -S
[to see for yourself what certbot would see]

1 Like

Thanks. Played with certbot certonly --webroot -w /var/www/example -d www.example.com -d example.com -w /var/www/other -d other.example.net -d another.other.example.net
https://certbot.eff.org/docs/using.html#webroot
and got:

- Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/...

But thanks too

it seems I need to have a look in my Apache config...
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message VirtualHost configuration:...

2 Likes

Yes, Apache will try to run at all cost.
Which is not always a good thing.
It is best to always ensure the config it set correctly (even if apache runs, it may be faulty).

1 Like

I'm wondering how it even works now, without multiple virtualhosts, if you're running at least two different sites, looking at the two different webroots. Are you using IP based virtualhosts in stead of name based?

@rg305 While I agree it's probably better to heed the Apache warning, it isn't mandatory as you could use IP based vhosts too. Would be even better, no SNI required for TLS for example.

2 Likes

My statement holds either way. I don't think he showed all of the output.
And I would agree that that part isn't too critical in the grand scheme of things.

1 Like

with
apachectl -S
I saw that I was installing phpmyadmin. And in "phpmyadmin.conf" I remembered I made this m.subdomain!! :face_with_monocle:

https is working, only my domain stuff index.html is not showing anymore...
Thanks for helping. Need to learn more about Apache!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.