Question
Let's Encrypt: share a certificate with a subdomain?
Hello, I have an issue with sharing a certificate with subdomains.
Using Debian 9 with Nginx. Installed successfully on my www.domain.com and domain.com.
But when I try to share this certificate with a subdomain like subdomain.domain.com, it shows this ERROR:
username@Debian:/etc/nginx/sites-available$ sudo certbot certonly -a webroot --webroot-path=/var/www/domain-d subdomain.domain.com --expand
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for subdomain.domain.com
Using the webroot path /var/www/domain/phppgadmin for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. subdomain.domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://subdomain.domain.com/.well-known/acme-challenge/f3HvI4S970igQArAPRJvXlWyvpE_xTkSK9tU3BcG1rA: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: subdomain.domain.com
Type: unauthorized
Detail: Invalid response from
http://subdomain.domain.com/.well-known/acme-challenge/f3HvI4S970igQArAPRJvXlWyvpE_xTkSK9tU3BcG1rA:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
I have a certificate for www.domain.com + domain.com. But I need to use a subdomain for phpPgAdmin. I have also configured subdomain.domain.com in my 1&1.com account. It shows that I own that subdomain. The certificate renew command for domain.com works fine; when I try to add -d domain.com it shows a message asking whether to reissue the cert (Y/N). But when it comes to the subdomain, I get the ERROR.
My DNS settings for the subdomain are the same as for domain.com.
I also configured the DigitalOcean domain records like this:
Type   Hostname                 Value                                   TTL (seconds)
CNAME  www.domain.com           is an alias of domain.com.              43200
AAAA   subdomain.domain.com     directs to 2a03:b0c0:2:d0::349e:1001    3600
CNAME  *.subdomain.domain.com   is an alias of subdomain.domain.com.    43200
A      subdomain.domain.com     directs to 178.62.***.**                3600
A      domain.com               directs to 178.62.***.**                3600
AAAA   domain.com               directs to 2a03:b0c0:2:d0::349e:1001    3600
NS     domain.com               directs to ns3.digitalocean.com.        1800
NS     domain.com               directs to ns1.digitalocean.com.        1800
NS     domain.com               directs to ns2.digitalocean.com.        1800
In addition, I want to mention that I was able to visit my subdomain.domain.com for a while and use phpPgAdmin. But after indexing I got this ERROR:
Your connection is not private
Attackers might be trying to steal your information from subdomain.domain.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
subdomain.domain.com normally uses encryption to protect your information. When Google Chrome tried to connect to subdomain.domain.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be subdomain.domain.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.
You cannot visit subdomain.domain.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
I disabled all firewalls, which did not help. If I ping subdomain.domain.com, the packets come back fine.
Nginx.conf:
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    root /var/www/domain/public;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name domain.com;
    include snippets/ssl-domain.com.conf;   # ssl_certificate / ssl_certificate_key for domain.com only
    include snippets/ssl-params.conf;
    # ACME challenge directory, served without restrictions
    location ~ /.well-known {
        allow all;
    }
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ [^/]\.php(/|$) {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        include fastcgi_params;
    }
    location ~ /\.ht {
        deny all;
    }
}
# phpPgAdmin: separate vhost for managing the DB.
# Note: there is no "listen" directive, so this block answers on port 80 only,
# and no ssl_certificate is configured for subdomain.domain.com.
server {
    server_name subdomain.domain.com;
    root /var/www/domain/phppgadmin;
    index index.php index.html index.htm;   # original line was missing the terminating ";"
    access_log /var/log/phppgadmin/access.log;
    error_log /var/log/phppgadmin/error.log;
    # Regex locations are matched before the "/" prefix location, so requests
    # for .php files are NOT covered by the allow/deny list in "location /" below.
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        include fastcgi_params;
    }
    location / {
        allow 18*****;   # source address redacted in the original post
        deny all;        # everyone else, Let's Encrypt validators included, gets 403
    }
}
That is why I need to share my certificate or issue a new one for subdomain.domain.com.
Any ideas how to fix it?
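As an added example (not part of the question above or of any answer, and not the author's configuration), here is one way to lay out the subdomain.domain.com vhost so that the HTTP-01 challenge path is served on port 80 before any IP allowlist applies, and so that port 443 presents a certificate that actually contains the subdomain. The paths and names are the ones from the question; the explicit 80/443 split, the certificate file locations under /etc/letsencrypt/live/domain.com/ (assuming the existing lineage is named domain.com and is expanded in place with --expand) and the placeholder allowlist address are assumptions.

```nginx
# Added example, not the configuration from the question.
# Port 80 vhost for subdomain.domain.com: only the ACME challenge path is
# served here; everything else is redirected to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name subdomain.domain.com;

    # "^~" makes this prefix location win over "location /", so the challenge
    # is answered directly instead of being redirected or access-controlled.
    # Let's Encrypt validators connect from many addresses, so an IP allowlist
    # on this path would turn every validation into a 403.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/domain/phppgadmin;   # same directory passed to --webroot-path
        default_type text/plain;
        allow all;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443 vhost for the same name. Without its own ssl_certificate, TLS
# connections for subdomain.domain.com fall through to the default_server
# block and the browser is shown the domain.com certificate, which is what
# NET::ERR_CERT_COMMON_NAME_INVALID reports.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name subdomain.domain.com;
    root /var/www/domain/phppgadmin;
    index index.php index.html index.htm;

    # Assumed location: the lineage created for domain.com, expanded with
    # --expand so that fullchain.pem also covers subdomain.domain.com.
    ssl_certificate     /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    include snippets/ssl-params.conf;

    access_log /var/log/phppgadmin/access.log;
    error_log  /var/log/phppgadmin/error.log;

    # Access control at server level is inherited by every location below,
    # including the regex .php location, which a rule inside "location /"
    # would not cover.
    allow 18*****;   # placeholder copied from the question; use the real address
    deny all;

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        include fastcgi_params;
    }
}
```

After `nginx -t` and a reload, the challenge path can be checked before involving Let's Encrypt: create /var/www/domain/phppgadmin/.well-known/acme-challenge/test containing "ok" and fetch http://subdomain.domain.com/.well-known/acme-challenge/test from an address outside the allowlist; it must return "ok" with a 200, not a redirect, 403 or 404. A 404 like the one in the question usually means the port-80 request for that hostname was answered by a different server block (for example a distribution default site) than the one whose root certbot wrote into, which a dedicated port-80 block for the name rules out. With that in place, one certbot run can cover all three names, giving each -w before the -d names it applies to (the domain.com webroot below is assumed): `sudo certbot certonly --webroot -w /var/www/domain/public -d domain.com -d www.domain.com -w /var/www/domain/phppgadmin -d subdomain.domain.com --expand`.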