Www and non www (ONE CERTIFICATE)


#1

Hi There,

I have validated both www and non www versions of one domain using ACMESharp, following this tut https://www.youtube.com/watch?v=SVUY7ygbGm8

MY ISSUE: How do I issue one certificate for www and non www of domain.com?

This is the command I used for the www version, and the same for the non www version:

cd c:\Vault
Import-Module ACMEPowerShell
Initialize-ACMEVault -BaseURI https://acme-v01.api.letsencrypt.org/
New-ACMERegistration -Contacts mailto:cert@domain.com
Update-ACMERegistration -AcceptTOS

New-ACMEIdentifier -Dns www.domain.com -Alias www.domain.com_Alias
New-ACMEProviderConfig -WebServerProvider IisSitePath -Alias www.domain.com_Provider
Get-ACMEIdentifier -Ref www.domain.com_Alias
Complete-ACMEChallenge -Ref www.domain.com_Alias -Challenge http-01 -ProviderConfig www.domain.com_Provider

Submit-ACMEChallenge -Ref www.domain.com_Alias -Challenge http-01
Update-ACMEIdentifier -Ref www.domain.com_Alias

New-ACMECertificate -Identifier www.domain.com_Alias -Alias www.domain.com_Certificate -Generate

Submit-ACMECertificate -ref www.domain.com_Certificate

Update-ACMECertificate -ref www.domain.com_Certificate

Thanks, any help appreciated.

Tommy


#2

You need to submit both domains at once to your ACME client you use.
The commands you pasted here are clearly not the ones you ran, but just taken out of an example, and I guess you can replace www.domain.com with domain.com and www.domain.com_Alias with www.domain.com (or reverse).


#3

Not sure I get what you mean. I have verified both versions of domain.com, with and without the www in the URL. I am able to issue two certificates; the bit I'm stuck on is: how do I issue one certificate? I'm not sure how to run the cmd line.

Thanks Tommy


#4

This is what I tried. It issues a certificate for www.domain.com and not for domain.com. Basically I want access to my site with www and non www, but with one certificate.

cd c:\Vault
Import-Module ACMEPowerShell
Initialize-ACMEVault -BaseURI https://acme-v01.api.letsencrypt.org/
New-ACMERegistration -Contacts mailto:mail@domain.com
Update-ACMERegistration -AcceptTOS

New-ACMEIdentifier -Dns www.domain.com -Alias domain.com
New-ACMEProviderConfig -WebServerProvider IisSitePath -Alias www.domain.com_Provider
Get-ACMEIdentifier -Ref domain.com
Complete-ACMEChallenge -Ref domain.com -Challenge http-01 -ProviderConfig www.domain.com_Provider

Submit-ACMEChallenge -Ref domain.com -Challenge http-01
Update-ACMEIdentifier -Ref domain.com

New-ACMECertificate -Identifier domain.com -Alias www.domain.com_Certificate -Generate

Submit-ACMECertificate -ref www.domain.com_Certificate

Update-ACMECertificate -ref www.domain.com_Certificate


#5

But you did use cmd? Because the commands you show here seem to be cmd commands.

Could you please explain what www.domain.com_Provider and www.domain.com_Certificate are?


#6

Hi

I'm doing this manually in PowerShell on Windows 10.


#7

As I understand Let's Encrypt:

I am using this tut https://www.youtube.com/watch?v=SVUY7ygbGm8

I am able to verify www.example.com
I am also able to verify example.com

The bit where I am stuck: I want to issue 1 certificate for both

www.example.com

AND

example.com

Thanks
Tommy


#8

What you’re looking for is a SAN (Subject Alternative Name) certificate. This is described here in the ACMESharp wiki. The relevant flag seems to be -AlternativeIdentifierRefs, so in your case you’d use something like -AlternativeIdentifierRefs example.com,www.example.com instead of -Identifier example.com, if I’m reading this correctly.


#9

Hi There,

I'm using version 0.71 of ACMESharp, will that work?


#10

Sorry, I’m not overly familiar with that client, so I don’t know when this flag was introduced. It should definitely be in the latest version given that it’s mentioned in the docs.


#11

This is the way I was issuing a certificate in PowerShell.

cd c:\Vault
Import-Module ACMEPowerShell
Initialize-ACMEVault -BaseURI https://acme-v01.api.letsencrypt.org/
New-ACMERegistration -Contacts mailto:cert@domain.com
Update-ACMERegistration -AcceptTOS

New-ACMEIdentifier -Dns www.domain.com -Alias www.domain.com_Alias
New-ACMEProviderConfig -WebServerProvider IisSitePath -Alias www.domain.com_Provider
Get-ACMEIdentifier -Ref www.domain.com_Alias
Complete-ACMEChallenge -Ref www.domain.com_Alias -Challenge http-01 -ProviderConfig www.domain.com_Provider

Submit-ACMEChallenge -Ref www.domain.com_Alias -Challenge http-01
Update-ACMEIdentifier -Ref www.domain.com_Alias

Then I would repeat the process without www.

What you are saying is that instead of this:

New-ACMECertificate -Identifier www.domain.com_Alias -Alias www.domain.com_Certificate -Generate

Submit-ACMECertificate -ref www.domain.com_Certificate

Update-ACMECertificate -ref www.domain.com_Certificate

I would have this:

New-ACMECertificate -AlternativeIdentifierRefs example.com,www.example.com -Alias www.domain.com_Certificate -Generate

Submit-ACMECertificate -ref www.domain.com_Certificate

Update-ACMECertificate -ref www.domain.com_Certificate

Does that look right to you?

Thanks Tommy


#12

In my last reply, obviously example.com was meant to be domain.com.


#13

I’m not sure whether the -ref flag is needed, the current docs seem to just use Submit-ACMECertificate cert1 and Update-ACMECertificate cert1 (where cert1 is the -Alias value set before). Might be a change introduced after 0.71, or maybe it works with -ref as well. Other than that, the commands look right to me.
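
Added example (not part of the thread and not ACMESharp code): a PowerShell check that a single certificate really lists both host names in its Subject Alternative Name extension, which is what decides whether www.domain.com and domain.com are both covered. The helper function names are hypothetical, the certificates are constructed self-signed samples so the check runs offline, and it assumes PowerShell 7 or Windows PowerShell 5.1 on .NET Framework 4.7.2+ with English-language extension formatting.

```powershell
# Added example: list the DNS names in a certificate's SAN extension (OID 2.5.29.17)
# and report which expected host names are missing. Exact-match only, no wildcard logic.

# Builds a constructed, self-signed sample certificate for the given names.
# For a real check, load the issued file instead, e.g. with
# [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)
function New-SampleSanCertificate {
    param([string[]]$DnsNames)
    $key = [System.Security.Cryptography.RSA]::Create(2048)
    $req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
        "CN=$($DnsNames[0])", $key,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    $san = [System.Security.Cryptography.X509Certificates.SubjectAlternativeNameBuilder]::new()
    foreach ($name in $DnsNames) { $san.AddDnsName($name) }
    $req.CertificateExtensions.Add($san.Build($false))
    $now = [DateTimeOffset]::UtcNow
    return $req.CreateSelfSigned($now, $now.AddDays(1))
}

function Get-CertificateDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $ext) { return @() }   # no SAN extension at all
    # Format() renders "DNS Name=host" on Windows and "DNS:host" on OpenSSL-backed platforms.
    $text = $ext.Format($false)
    return @([regex]::Matches($text, '(?:DNS Name=|DNS:)\s*([^,\s]+)') |
        ForEach-Object { $_.Groups[1].Value.ToLowerInvariant() })
}

function Test-CertificateCoversNames {
    param($Certificate, [string[]]$Expected)
    $present = Get-CertificateDnsNames -Certificate $Certificate
    $missing = @($Expected | Where-Object { $present -notcontains $_.ToLowerInvariant() })
    [pscustomobject]@{ Present = $present; Missing = $missing; Ok = ($missing.Count -eq 0) }
}

# Constructed sample input: one certificate with both names, one with only www.
$expected = 'domain.com', 'www.domain.com'
$both     = New-SampleSanCertificate -DnsNames $expected
$wwwOnly  = New-SampleSanCertificate -DnsNames 'www.domain.com'

Test-CertificateCoversNames -Certificate $both    -Expected $expected
Test-CertificateCoversNames -Certificate $wwwOnly -Expected $expected
```

The second call reports domain.com under Missing, which is the situation post #4 describes: a certificate that validates for www.domain.com only.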

