Aliasdomain and Let's Encrypt not working

Discussion in 'Installation/Configuration' started by Arkymedes, Oct 29, 2018.

  1. Arkymedes

    Arkymedes New Member

    Hello there,
    I have 2 domains .com and .fr and would like to use the .fr domain as an alias to the .com one.
    Those were the steps I did:
    1. Alias was setup in DNS with an A record pointing to the same server as the .com main domain.
    2. Added domains to client in ISPConfig
    3. Created site using .com domain
    For the main domain
    1. Domain tab -> Mark SSL + Let’s Encrypt SSL boxes
    2. Redirect tab
      1. Redirect Type is “R=301,L”
      2. Redirect Path is blank
      3. SEO Redirect is “domain.tld => www.domain.tld
      4. Mark the “Rewrite HTTP to HTTPS” boxes
    3. SSL tab -> Mark the “Enable SPDY/HTTP2” box as my server is configured for HTTP2
    For the alias
    1. Select the .fr domain from the Domain list to be used as alias
    2. Parent site is the .com domain
    3. Redirect Type is “R=301,L”
    4. Redirect Path is blank
    5. Auto-Subdomain is www.
    6. SEO Redirect is “domain.tld => www.domain.tld
    7. “Don’t add to Let’s Encrypt certificate” is unchecked
    8. “Active” is checked
    Visiting the .fr domain gives me a Privacy error from Chrome, saying that the .fr domain is using the certificate from the .com domain, hence it's insecure.

    Checking the Let's Encrypt log in /var/log/letsencrypt/letsencrypt.log right after the creation of the alias, shows me this:

    2018-10-29 11:37:03,355:INFO:certbot.renewal:Cert not yet due for renewal
    2018-10-29 11:37:03,355:INFO:certbot.main:Keeping the existing certificate
    2018-10-29 12:05:02,926:DEBUG:certbot.main:certbot version: 0.23.0
    2018-10-29 12:05:02,927:DEBUG:certbot.main:Arguments: ['-n', '--text', '--agree-tos', '--expand', '--authenticator', 'webroot', '--server', '', '--rsa-key-size', '4096', '--email', '[email protected]', '--domains', '', '--domains', '', '--webroot-path', '/usr/local/ispconfig/interface/acme']
    2018-10-29 12:05:02,927:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
    2018-10-29 12:05:02,938:DEBUG:certbot.log:Root logging level set at 20
    2018-10-29 12:05:02,938:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
    2018-10-29 12:05:02,940:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
    2018-10-29 12:05:02,940:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
    Description: Place files in webroot directory
    Interfaces: IAuthenticator, IPlugin
    Entry point: webroot = certbot.plugins.webroot:Authenticator
    Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f5a9ea755c0>
    Prep: True
    2018-10-29 12:05:02,941:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f5a9ea755c0> and installer None
    2018-10-29 12:05:02,941:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
    2018-10-29 12:05:02,950:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f5a9ea6fa58>)>), contact=('mailto:[email protected]',), agreement=None, status='valid', terms_of_service_agreed=None), uri='', new_authzr_uri=None, terms_of_service=''), 1b6f5eddcd5b431a911b63ce25bfdc27, Meta(creation_dt=datetime.datetime(2018, 10, 1, 19, 3, 4, tzinfo=<UTC>), creation_host=''))>
    As you can see, no mention at all of the .fr domain in the log, so I have no idea what went wrong.
    Can anyone shed a light here?
    Thanks in advance,
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Try unchecking let's encrypt checkbox in the website, click save, enable it again and press save. If this does not help, then try using debug mode to see why the alias domain gets excluded form LE cert.
    Arkymedes likes this.
  3. Arkymedes

    Arkymedes New Member

    That did the trick till, thanks a million!
  4. Arkymedes

    Arkymedes New Member

    A quick follow up to this question with another question:
    What should I use as Redirect Type if I want people that enter the .fr alias to keep it as the URL, instead of rewriting it to .com?

    Thanks again,
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Use no redirect at all as that's what happens when a alians domain has no redirect.

Share This Page