Let's Encrypt subdomain configuration best way

April 4, 2016 1.1k views
Let's Encrypt DNS Debian

Hi all,

I have multiple machine and a reverse proxy to route web request to good server.

Machine 1 :
Machine 2 :

I want to secure web server by using Let's Encrypt free certificat.

Can I ask certificats for and or have I to define two subdomains to my domain provider and generate certificats for and

Thanks for your help

1 comment
  • <VirtualHost>
    DocumentRoot /var/www/html/
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/
    SSLCertificateKeyFile /etc/letsencrypt/live/

    This has been written by you to select a specific SSL Certification for each servername below sub domain

    DocumentRoot /var/www/exampletext/public_html/
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/
    SSLCertificateKeyFile /etc/letsencrypt/live/

    this is my httpd.conf if access my domain or you'll see main and sub got their certification

    you can simple just generate a certification using certbot-auto for that sub domain then just put the path to that certfile for sub

2 Answers


In order to use SSL for both hostnames, you will need to generate one certificate per hostname but you can use the SAN field in the SSL certificates to define the www alias.

Please let us know if there is anything else we can help you with.

DigitalOcean Support
Check out our community for great tutorials, articles and FAQs!

  • Hi Mike, I am having trouble with this too, my main domain is working fine, but the www is throwing warnings in the browser (and it says its registered to bing??) at first, the main domain worked, then I added another cert for www, that messed things up and both threw errors. I then revoked the www cert, and created a new cert with both man and www and opted to "expand" and replace old certs, now main domain works fine but www is throwing errors.

    domain is

    any help would be much appreciated!

    ps how do I not get spamblocked? I tried to post this question on the community twice, and got spam smackdowned both times.

Hello mragusa,

thanks for your answer. I'm not sure to understand your answer. If I understand, I can generate with Let's Encrypt a certificat for both hostnames?


Have another answer? Share your knowledge.