www.domain.com, domain.com - same vhost requiring dedicated certs


#1

I have a virtualhost listening on www.domain.com and domain.com (which is a pretty common setup).
Do I have to create two certs for each of the hostnames and split up the vhosts into two vhosts or can one cert be used for both hostnames?

Andreas


#2

You can do this using one cert using Subject Alternative Names. When running the ACME client to issue the certs and verify your domains you will be prompted to enter your domain names (plural). Just type both domain.com www.domain.com and the certificate will be valid for both of those names if your server passes verification (both names currently resolve there).

See: subjectAltName Certificates for more.

Hope this helps.


#3

This does not seem to work properly.

I created one cert for

www.zopyx.com
zopyx.com

and both hostnames cause trouble (see screenshot).

Andreas


#4

The certificate in your screenshot doesn’t appear to have been issued by Let’s Encrypt. Granted, my German is VERY poor, but this appears to have used a “happy hacker fake CA” to issue the certs.

If done correctly the certificate should be issued by Let’s Encrypt Authority


#5

Exactly, the certificates were provided by the “wrong” CA. I assume you’ve used either your own development instance of the Boulder CA server, or the Let’s Encrypt Staging URL.
If your domains were accepted for the beta program, please read the docs carefully and change the registration URL of your LE client accordingly.


#6

Mea culpa, I forgot to specify the --server option.
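
The two checks this thread turns on, as an added example that is not part of any post above: does one certificate's subjectAltName list cover both hostnames, and was it issued by the test CA named in post #4. It assumes certificate dicts shaped like what Python's `ssl.SSLSocket.getpeercert()` returns; the sample certs, the `Example Issuing CA` name and all function names are constructed for illustration.

```python
# Added example: the cert dicts below are constructed samples in the shape
# returned by ssl.SSLSocket.getpeercert(); they are not real certificates.

TEST_CA_MARKERS = ("happy hacker fake ca",)  # issuer name quoted in post #4


def san_dns_names(cert):
    """Return the lower-cased dNSName entries of the subjectAltName extension."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, hostname):
    """Exact match, or a wildcard that covers exactly one leftmost label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = hostname.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == hostname


def issuer_common_name(cert):
    """Pull commonName out of the nested issuer RDN tuples."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return ""


def check_cert(cert, hostnames):
    """Report hostnames the SAN list misses and whether the issuer is a test CA."""
    sans = san_dns_names(cert)
    missing = [h for h in hostnames if not any(name_matches(p, h) for p in sans)]
    issuer = issuer_common_name(cert)
    test_ca = any(m in issuer.lower() for m in TEST_CA_MARKERS)
    return {"missing": missing, "issuer": issuer, "test_ca": test_ca}


# Constructed sample: one cert, both names, but issued by the test CA.
STAGING_CERT = {
    "issuer": ((("commonName", "happy hacker fake CA"),),),
    "subjectAltName": (("DNS", "zopyx.com"), ("DNS", "www.zopyx.com")),
}
# Constructed sample: www only, so the bare domain would fail name validation.
WWW_ONLY_CERT = {
    "issuer": ((("commonName", "Example Issuing CA"),),),
    "subjectAltName": (("DNS", "www.zopyx.com"),),
}
```

An empty `missing` list with `test_ca` set to true is the situation in post #3: the names are fine, the issuer is not one browsers trust.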