Lets Encrypt and Alias Domains

Discussion in 'General' started by kyferez, Jun 18, 2018.

  1. kyferez

    kyferez Member

    I have a site, let's call it example.com, with an alias domain, lets call it ex.com. I enabled SSL and LE SSL on example.com before I added ex.com as an alias. So the cert was created without the alias in the SAN. I removed SSL from the site and re-added it, but it reused the old cert instead of recreating a new one with the added Alias domain.

    How can I fix this and have ISPConfig force LE to regen the cert?
     
  2. ahrasis

    ahrasis Well-Known Member

    You could delete the old certs before trying to reissue the new certs.

    In debian / ubuntu to delete them you can run: "rm -rf /etc/letsencrypt/*/example.com*"
     
    kyferez likes this.
  3. kyferez

    kyferez Member

    That let it regen the cert, but the alias domain still does not work. The SAN name does NOT include the alias :(
     
    Last edited: Jun 19, 2018
  4. ahrasis

    ahrasis Well-Known Member

    Try to access your alias domain before requesting for the new certs; is it working?

    Also check the vhost file to see whether the alias domain is already included.
     
  5. kyferez

    kyferez Member

    You mean the alias domain using HTTP? Yes, it works with HTTP. With HTTPS, it does not.

    In my prior post when I said the Alias domain doesn't work, I meant the cert was invalid. The site did come up if I ignored the cert warning; What didn't work was the alias domain wasn't added to the SAN in the Cert.
     
  6. kyferez

    kyferez Member

    Anyone know if this is a ISPConfig bug with Alias domains and LetsEncrypt or if I'm doing something wrong?
     
  7. kyferez

    kyferez Member

    bump...? I'm using version 3.1dev
     
    Last edited: Jun 23, 2018
  8. ahrasis

    ahrasis Well-Known Member

    Checks your log files. Use the faq as your guides. The LE SSL certs are not updated for reasons that we do not know as you did not provide a detail info.

    I personally don't think it is a bug since others are adding alias domain just fine to their LE SSL certs.

    The steps in doing it were discussed so many times. Add alias domain and save, then uncheck the SSL button in the main domain and save, then re-check the LE buttom in the main domain and save, and wait for LE to process.

    If failed, check the LE logs as they will tell you what you did wrong, not us here, as we do not know what and how you did it.
     
    kyferez likes this.
  9. kyferez

    kyferez Member

    The problem was I had checked in the AliasDomain the box "Don't add to LetsEncrypt Certificate" when I created it because I didn't originally have SSL enabled... So that was the issue DOH!

    Thank you VERY MUCH!
     
    till and ahrasis like this.
  10. bodri

    bodri New Member

    It is buggy anyway, i cant use lets encrypt because i had example.ddns.com alias before for example.com but now deleted to use lets encrypt, but cert creation always want to make cert for delete aliases too. i have removed all form /etc/letsencrypt/*/example.com but nothing happend. Where are come this setting and how can i modify ispconfigs cert creation settings ?
     
  11. ahrasis

    ahrasis Well-Known Member

    rm -rf /etc/letsencrypt/*/example.com*
    Note the star at the end.

    Your example.ddns.com probably got too many requests and as such failed. Do not use it to apply Lets Encrypt certs together with any other domains.
     
  12. bodri

    bodri New Member

    thx the quick answer, i will try it next time again, but now i have had fix some domain ASAP manually. If i run cacert manually with given domain thats ok, but in log still remain tried domain example.ddns.net after rm -rf /etc/letsencrypt/*/example.com*
    where search ispconfig domain aliases to run cacert ? i have removed it from ispconfig too of course
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    The domains used in an ssl cert are all listed in the domain alias or subdomain or website list in ispconfig. Ensure that you log in as admin, maybe your current user has no permission to see them.
     

Share This Page