LetsEncrypt share certificate with subdomain?

Hello, I have an issue with sharing a certificate with subdomains.

Using Debian 9, Nginx. Installed successfully on my and

But when I try to share this certificate with a subdomain like, it shows an ERROR

username@Debian:/etc/nginx/sites-available$ sudo certbot certonly -a webroot --webroot-path=/var/www/domain-d --expand
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Using the webroot path /var/www/domain/phppgadmin for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>

 - The following errors were reported by the server:

   Type:   unauthorized
   Detail: Invalid response from
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I have a certificate for + But I need to use a subdomain for PhPPgAdmin. I have also configured in my 1& account. It shows that I own that subdomain. The certificate renew command for works fine; when I try to add -d it shows a message to reissue the cert Y/N. But when it comes to the subdomain, I get an ERROR. My DNS settings for the subdomain are the same as Also, I configured DigitalOcean domain records like this:

Type	Hostname	        Value	                     TTL (seconds)	
CNAME    is an alias of    	43200 
AAAA    directs to     2a03:b0c0:2:d0::349e:1001    3600 
CNAME	*    is an alias of    43200 
A    directs to    178.62.***.**    3600
A 	directs to   178.62.***.**    3600 
AAAA   directs to   2a03:b0c0:2:d0::349e:1001   3600  
NS      directs to    1800 
NS      directs to     1800 
NS      directs to     1800

In addition, I want to say that I was able to visit my for a while and use PhPPgAdmin. But after indexing I got this ERROR

Your connection is not private

Attackers might be trying to steal your information from (for example, passwords, messages, or credit cards). Learn more
Automatically send some system information and page content to Google to help detect dangerous apps and sites. Privacy policy

ReloadHIDE ADVANCED normally uses encryption to protect your information. When Google Chrome tried to connect to this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

You cannot visit right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

All firewalls are disabled; that did not help. If I ping my it is fine with packets.


server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;

        root /var/www/domain/public;

        index index.php index.html index.htm index.nginx-debian.html;

        include snippets/;
        include snippets/ssl-params.conf;

        location ~ /.well-known {
                allow all;
        }

        if ($scheme != "https") {
                return 301 https://$host$request_uri;
        }

        location / {
                try_files $uri $uri/ /index.php?$query_string;
        }

        location ~ [^/]\.php(/|$) {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                include fastcgi_params;
        }

        location ~ /\.ht {
                deny all;
        }
}

# PhpPgAdmin, redirect to phppgadmin for managing DB
server {
        root            /var/www/domain/phppgadmin;
        index index.php index.html index.html;

        access_log      /var/log/phppgadmin/access.log;
        error_log       /var/log/phppgadmin/error.log;

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                include fastcgi_params;
        }

        location / {
                allow   18*****
                deny    all;
        }
}

That is why I need to share my certificate or issue a new one for

Any ideas how to fix it?
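
A model of why the webroot http-01 challenge in the question can come back 404, as an added example that is not part of the original post: certbot writes the token under the given webroot, while nginx answers from the root of whichever server block matches the subdomain on port 80. The hostnames, token and directory layout are constructed, and server selection is simplified to exact names (no location rules, wildcards or redirects).

```python
import os
import tempfile

ACME_DIR = ".well-known/acme-challenge"

def pick_server(servers, host, port=80):
    """Simplified nginx selection: exact server_name on the port, else the
    default_server for that port, else the first block listening there."""
    on_port = [s for s in servers if port in s["listen"]]
    if not on_port:
        return None  # nothing listens on that port
    for s in on_port:
        if host in s["server_names"]:
            return s
    defaults = [s for s in on_port if s.get("default_server")]
    return (defaults or on_port)[0]

def predict_http01(servers, host, webroot, token="constructed-token"):
    """Write a challenge file where the webroot plugin would, then report
    what a port-80 request for it would get from the matching block."""
    os.makedirs(os.path.join(webroot, ACME_DIR), exist_ok=True)
    path = os.path.join(webroot, ACME_DIR, token)
    with open(path, "w") as fh:
        fh.write(token + ".constructed-key-thumbprint")
    try:
        server = pick_server(servers, host)
        if server is None:
            return "no listener on port 80"
        served = os.path.join(server["root"], ACME_DIR, token)
        return "200" if os.path.isfile(served) else "404"
    finally:
        os.remove(path)

def demo():
    base = tempfile.mkdtemp()
    public, admin = (os.path.join(base, d) for d in ("public", "phppgadmin"))
    main = {"listen": {80, 443}, "default_server": True,
            "server_names": {"example.test"}, "root": public}
    sub = {"listen": {80, 443}, "server_names": {"db.example.test"}, "root": admin}
    host = "db.example.test"  # constructed subdomain
    return {
        "webroot is the main site's root": predict_http01([main, sub], host, public),
        "webroot is the subdomain's root": predict_http01([main, sub], host, admin),
        "no server block for the subdomain": predict_http01([main], host, admin),
        "subdomain listens on 443 only": predict_http01([dict(sub, listen={443})], host, admin),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```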


I guess you could try experimenting with self-signing your own ssh certificates, and see what happens. That might lead you to what’s causing the problem.

Wayne Sallee

Still no luck, googling something like “lets encrypt nginx subdomain” or “digital ocean letsencrypt subdomain”, “digital ocean add subdomain” etc. I think I have added it successfully, but somehow not as Let's Encrypt needs. Because I was able to navigate to my phppgadmin subdomain for a while, before it started to redirect to https://. Still cannot encrypt the subdomain…

adding subdomain and again add subdomain set up lets encrypt