Wordpress Multisite + Mapped Domains + LetsEncrypt

Discussion in 'General' started by Thane, Mar 16, 2017.

  1. ahrasis

    ahrasis Member

    I am using this as well and created LE SSL certificates for each of the alias domains. I think LE will not limit the certificates this way, but I may be wrong.
     
  2. Thane

    Thane New Member

    @Jessie
     
  3. Thane

    Thane New Member

    Ahrasis,
    Hmmm, so Alias Domain's is working for you doing this setup aye? I suppose I shall give that another try then. This time I will make an attempt using a third test domain. Does it matter what order I set this up? My last tries I started by creating a new subsite in my Multisite Network, then I mapped it to its www.Child-Site.com domain, then I twiddled with it in ISPConfig. Should I be adding it as an Alias Domain before mapping it out and creating the Subsite? I will begin testing a third Child Site now...
     
  4. Thane

    Thane New Member

    Update:
    So stumped. here is the last tidbit of the most recent test letsencrypt.log:
    2017-03-21 02:06:08,803:DEBUG:letsencrypt.cli:Exiting abnormally:
    Traceback (most recent call last):
    File "/usr/bin/letsencrypt", line 9, in <module>
    load_entry_point('letsencrypt==0.4.1', 'console_scripts', 'letsencrypt')()
    File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1986, in main
    return config.func(config, plugins)
    File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 706, in obtain_cert
    _, action = _auth_from_domains(le_client, config, domains, lineage)
    File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 457, in _auth_from_domains
    new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
    File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 252, in obtain_certificate
    return self.obtain_certificate_from_csr(domains, csr) + (key, csr)
    File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 229, in obtain_certificate_from_csr
    authzr)
    File "/usr/lib/python2.7/dist-packages/acme/client.py", line 319, in request_issuance
    headers={'Accept': content_type})
    File "/usr/lib/python2.7/dist-packages/acme/client.py", line 652, in post
    return self._check_response(response, content_type=content_type)
    File "/usr/lib/python2.7/dist-packages/acme/client.py", line 568, in _check_response
    raise messages.Error.from_json(jobj)
    Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: Main-Domain.com​

    Not sure if that means I can't add any more alt-names for Main-Domain's SSL? Incidentally while I was setting up Child-Site3.com in the Multiste + adding it as an Alias-Domain something threw my Main-Domain LE SSL out of whack, had to restart Apache2 and reset my Main-Domain SSL, so the last bit of that log file is probably info about LE trying to give me my old cert back... Also, a long ways up the log file there is a bunch of stuff about Child-Site3, nothing that made any sense as far as errors though :/

    The quest continues...
     
  5. ahrasis

    ahrasis Member

    Just make sure you can publicly access your alias domain before ticking/applying for its LE SSL certificate.
     
  6. Thane

    Thane New Member

    Pretty sure I've run against LE's rate limiting so I'll be unable to continue testing until next week. Unless I plop down another domain on a new Multisite install to continue testing, lol... i think I'll wait.

    So as long as the rate limiting has been the factor causing me all these problems, my next question will be how many domains can i stick on my Main-Domain SSL before hitting the next wall of limits. I've ready that SANs are limited to 5 per week, not sure if that means the www-version + non-www version or no, in either case looks like I'll only be able to add a potential-maximum of 5 domains per week (unless the ww/non-ww versions count as 2 domains, in that case I would only be able to bring 2 sites into the network per week.).

    Will begin testing next week after my limits are refreshed and report back :)
     
  7. ahrasis

    ahrasis Member

    That is sure enough.

    You don't need to use main domain. You can always create one subdomain for testing and other subdomains as its aliases.
     

Share This Page