Question
How to set up domains & certificates for root domain and www subdomain
I have a droplet running CentOS 8 on which I’m attempting to set up certificates for both the www and root domains.
(foo replaces the actual domain name wherever it occurs in the following discussion.)
Certificates have been created for both foo.dev and www.foo.dev in the terminal via certbot.
I’m running Apache.
$ sudo certbot certificates
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: foo.dev
    Serial Number: ------------------------------DFD0
    Domains: foo.dev
    Expiry Date: 2020-11-19 16:21:14+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/foo.dev/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/foo.dev/privkey.pem
  Certificate Name: www.foo.dev
    Serial Number: ------------------------------E106
    Domains: www.foo.dev
    Expiry Date: 2020-11-19 19:38:52+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/www.foo.dev/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.foo.dev/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The virtualHost records (DocumentRoot points to the same location on the server):
$ cat /etc/httpd/conf.d/foo.dev.conf
<VirtualHost *:80>
    ServerName foo.dev
    DocumentRoot /var/www/foo.dev
    ErrorLog /var/log/httpd/foo.dev-error.log
    CustomLog /var/log/httpd/foo.dev-access.log combined
</VirtualHost>
$ cat /etc/httpd/conf.d/www.foo.dev.conf
<VirtualHost *:80>
    ServerName www.foo.dev
    DocumentRoot /var/www/foo.dev
    ErrorLog /var/log/httpd/www.foo.dev-error.log
    CustomLog /var/log/httpd/www.foo.dev-access.log combined
</VirtualHost>
$
I’m unable to connect in Safari to the root domain (foo.dev). The problem is a name mismatch.
Both foo.dev & www.foo.dev resolve to the same IP address.
When I check the server for foo.dev on DigiCert, it (referencing the certificate for www.foo.dev) indicates that “Certificate does not match name foo.dev”.
Apparently, when accessing the root domain (foo.dev), it’s using the certificate for the www subdomain (www.foo.dev, as opposed to foo.dev), causing Safari to refuse to connect. (I can connect via Paw by accepting the mismatched certificate.)
I have A, AAAA, & NS(3) domain records for both the root domain (foo.dev) and www domain (www.foo.dev).
What is the suggested or preferred solution to handling SSL connections and certificates for both the root (foo.dev) and www (www.foo.dev) subdomain?
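A check for the mismatch described in the question, as an added example that is not part of the original post: for each name it reports whether the certificate the server presents for that SNI name actually covers it. The function names and the constructed sample certificate are assumptions made here; the live fetch uses only Python's standard `ssl` module.

```python
import socket
import ssl

def san_dns_names(cert):
    """DNS names from a dict as returned by SSLSocket.getpeercert()."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(hostname, pattern):
    """Exact match, or '*' standing for the whole leftmost label only."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False          # so *.foo.dev never covers foo.dev itself
    if pat[0] == "*":
        return host[1:] == pat[1:]
    return host == pat

def covers(hostname, cert):
    """True if any SAN DNS entry in the certificate matches hostname."""
    return any(name_matches(hostname, p) for p in san_dns_names(cert))

def fetch_cert(hostname, port=443, timeout=5):
    """Fetch the certificate the server presents for this SNI name.
    Chain validation stays on; only the hostname check is deferred so a
    mismatched certificate can still be inspected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

def report(hostnames, fetch=fetch_cert):
    """Map each hostname to (covered?, SAN list of the cert served for it)."""
    out = {}
    for h in hostnames:
        cert = fetch(h)
        out[h] = (covers(h, cert), san_dns_names(cert))
    return out

# Constructed sample mirroring the question: the server answers both names
# with the certificate issued for www.foo.dev only.
SAMPLE_WWW_ONLY = {"subjectAltName": (("DNS", "www.foo.dev"),)}

if __name__ == "__main__":
    print(report(["foo.dev", "www.foo.dev"], fetch=lambda h: SAMPLE_WWW_ONLY))
```

Calling `report([...])` without the `fetch` argument runs the same check against the live server, which is useful after any change to the certificates or virtual hosts.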