apache2
Debian 6.1
hosting provider is Vultr
yes I can login to a root shell
no control panel to manage my site
using certbot 2.1.0
I don't think I remember how to do this correctly.
My site's SSL certificate works but the problem is that whenever I replace www. with a wildcard subdomain name I'm directed to an insecure version of my website.
I have a subdomain that has a successful SSL configuration at https://blog.alexisburrows.xyz
But if you type for instance: yyy.alexisburrows.xyz, the browser has a misconfigured SSL cert warning and you are led to the insecure site.
I might have misconfigured something in Apache config files but I'm not sure. I'm so sorry to ask for help because I used to know how to do this but life has been rough. Thanks so much for your help.
I'm sorry I have done it a few times on my server and I revoked them just recently and tried again. I ran into problems and manually deleted files.
I haven't done this in a long time.
Is that normal behavior, going to an insecure version of the site when any subdomain is typed in place of www? I remember in the past that never happened. It was just like a 404 page or an Apache page that says "Not Found".
Ty for the welcome and for your response Bruce.
Should I try to reinstall the entire server and start from scratch? I'm not sure where to begin now that I've made such a mess.
Yes, your certificate must include either that explicit name or a wildcard notation like *.alexisburrows.xyz
If you just have a small number of domain names then just get a cert for each name and configure Apache VirtualHost accordingly.
For example, if you want a cert for yyy.alexisburrows.xyz just run that same Certbot command but just using that name as -d. You must also set up a VirtualHost to listen on port 80 with a ServerName for that yyy subdomain.
I looked at your older threads and saw your domain was (is) pastlife.works
I did not see any wildcard cert for that domain either.
But, if you really need a wildcard cert you must use a DNS Challenge to get it. These are often more difficult to set up and automate. Automation requires that your DNS provider (Vultr) support an API to modify the needed records and for your ACME Client (Certbot) to support it. Your DNS provider has an API but Certbot does not readily support it. Other ACME clients do (like acme.sh). See: https://letsencrypt.org/docs/challenge-types/#dns-01-challenge
Thank you both for helping
I might have misunderstood the problem and made the wrong title.
I don't want a wildcard subdomain accessible at all.
The only sites I want working are the main domain, and the subdomain, blog.
I thought I misconfigured something because you can type anything as a subdomain to go to the http version. Like mail. or https://anyword.alexisburrows.xyz
I don't know why it doesn't just lead to an Apache Not Found page like it should.
Oh, you have a wildcard setup in your DNS (different than the cert).
So, all names you type get sent to your server's IP (your Apache).
If Apache does not recognize the domain name it uses the default VirtualHost to process it. You may want to set up a different default VirtualHost so that it does what you want. Or, just remove the wildcard from your DNS. Then, if someone tries wrong1.alexisburrows.xyz they will get an ugly message saying something like "name not found"
Your DNS
*.alexisburrows.xyz. 297 IN CNAME alexisburrows.xyz.
alexisburrows.xyz. 300 IN A 144.202.74.53
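
The "different default VirtualHost" option mentioned in the last reply could look like the following on a Debian-style Apache layout. This is an added example, not configuration posted by anyone in the thread; the file names, the catchall.invalid ServerName, the DocumentRoot and the certificate paths are placeholders.

```apache
# /etc/apache2/sites-available/000-catchall.conf  (hypothetical file name)
# Debian loads sites-enabled/*.conf in alphabetical order, and the first
# VirtualHost defined for an address:port is the default for any Host header
# that matches no ServerName or ServerAlias. The 000- prefix makes this
# file that default.

<VirtualHost *:80>
    # Placeholder name; it only has to differ from every real site name.
    ServerName catchall.invalid
    # Answer every path with 404 instead of serving a real site's content.
    Redirect 404 /
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName catchall.invalid
    SSLEngine on
    # A default TLS vhost still needs some certificate. No certificate covers
    # the unknown names, so browsers warn before they ever see the 404.
    SSLCertificateFile    /path/to/placeholder-cert.pem
    SSLCertificateKeyFile /path/to/placeholder-key.pem
    Redirect 404 /
</VirtualHost>
</IfModule>

# /etc/apache2/sites-available/alexisburrows.conf  (hypothetical file name)
# The real sites list every name they should answer for, explicitly.
<VirtualHost *:80>
    ServerName  alexisburrows.xyz
    ServerAlias www.alexisburrows.xyz
    # Assumed document root.
    DocumentRoot /var/www/html
</VirtualHost>
```

After enabling the catch-all with a2ensite and reloading Apache, apache2ctl -S lists which VirtualHost is the default for each port, which confirms that unknown names no longer fall through to a real site.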