Question

Creating SSL certificate with certbot when droplet is a subdomain and root domain has SSL

Posted July 25, 2021 378 views
NginxLet's Encrypt

So my problem is this:
I have a root domain which is from 1&1 (Ionos) and that has its own SSL certificate. I also have another server running an application using Digital ocean which also needs an SSL cert. But because this server is a subdomain, certbot just spits this error out whenever I attempt to create a new cert.

sudo certbot –nginx -v

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?


1: chat.crypto******.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Requesting a certificate for chat.crypto***.com
Performing the following challenges:
http-01 challenge for chat.crypto
.com
Waiting for verification…
Challenge failed for domain chat.crypto
.com
http-01 challenge for chat.crypto
***.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: chat.crypto******.com
Type: dns
Detail: DNS problem: SERVFAIL looking up CAA for cryptogmrprofiles.com - the domain’s nameservers may be malfunctioning

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer

Dont split but add ssl to subdomain it self or assign another SSL certificate