Must be doing something wrong... let's encrypt

Discussion in 'Installation/Configuration' started by jpcalhau, Apr 22, 2020.

  1. jpcalhau

    jpcalhau New Member

    Hi everybody,
    I have a strange issue…

    I configured a new website in ISPConfig , nomegrandeaindamaior.pt (this is a sample but de domain name is that big) I’ve created a subdomain (webmail) and an aliasdomain nomegrandeaindamaior.com, so far so good all redirections work as expected.

    Then I activate Let’s Encrypt SSL… the cert is created but I was expecting to have the following alternatives to dns names:
    nomegrandeaindamaior.pt
    www.nomegrandeaindamaior.pt
    webmail.nomegrandeaindamaior.pt
    nomegrandeaindamaior.com
    www.nomegrandeaindamaior.com

    instead the cert only have
    nomegrandeaindamaior.pt
    www.nomegrandeaindamaior.pt

    This cause the security warning in browsers because the names do not match...

    (I have another web site where I only have de domain.tld, www.domain.tld and a subdomain webmail.domain.tld and everything is OK, all the alternatives are there…)

    What am I doing wrong?

    Thks in advance

    JPC
     
  2. nhybgtvfr

    nhybgtvfr Active Member

    did you use 'subdomain for website' or 'subdomain (vhost)' ? and 'aliasdomain for website' or 'aliasdomain (vhost)' ?
    the vhost versions will have their own vhost config, and certificates, separate from the main domain.

    if you used the 'for website' menu items, then they should have been included in the same certificate as the main domain, although when configuring them they do have the option 'Don't add to Let's Encrypt certificate' is it possible you've accidentally ticked that option?

    I don't know if you've created new certs on other domains or it's tried to run renewals since. you may need to read the logfile /var/log/letsencrypt/letsencrypt.log to find out more information, it could be it couldn't verify the existence of the subdomain/aliasdomain and so doesn't attempt to request their names on the certificate.
     
    Last edited: Apr 22, 2020
  3. jpcalhau

    jpcalhau New Member

    [updated]
    Yes it was, if they have all the IP it works fine...
    (as far as the domains (or sub) are reachable shouldn't work anyway?)

    Thks again ;)
    I, thanks for your reply ;)

    I used the options under "Websites" in ispconfig menus ;) and no the options to do not add certs are not ticked.
    I'm doind some more tests (or I saw the wrong logs or they are not being updated on the fly...) I have now an error "could not verify ..."
    I realize (in DNS) they do not have the same IP (I changed now just to test), could it be the problem?
     
  4. nhybgtvfr

    nhybgtvfr Active Member

    yes, if subdomains and aliasdomains are not created as separate vhosts, then all the configuration goes into the main domains vhost configuration, so they must have the same ip.
     
  5. jpcalhau

    jpcalhau New Member

    :) I know that now ;)

    I get used to configure separate vhosts but whenever an update to system occur I had to adjust some configurations… so I changed to work with ispconfig confs (after they are there to be used ;)).

    Thanks again ;)
    JP
     

Share This Page