letsencrypt tool - subdomain

Fred
11 April 2017, 13:27
Hi Hugo,

I can use the letsencrypt tool with no problem for all my primary domains, but so far I haven't been able to get my subdomain to get me a green light.

Could you please advise on how to create a certificate for a domain and subdomain?

Thank you
Hugo Leisink
11 April 2017, 14:08
There should be no difference in requesting a certificate for a domain and one for a subdomain. For the letsencrypt script, both are just hostnames. What exactly goes wrong?
David
11 April 2017, 18:49
Works for me. Not sure if adding support for aliases would also be useful like with certbot:
certbot-auto certonly --standalone -d example.com -d www.example.com -d ...

Is there a difference besides having a base domain?

At any rate, I remember getting half-stuck at this stage though (from the README):
After properly testing, open letsencrypt.conf, comment the testing CA hostname
(the LE_CA_HOSTNAME setting), uncomment the production CA hostname, register
your account key at the production server and request the final version of your
website certificate.

"register your account key" wasn't obvious to me, but I believe all I did was do ./letsencrypt -register example.com and then proceeded doing the same for the subdomains. After that I added the relevant keys to their respective VirtualHosts.
Hugo Leisink
11 April 2017, 18:59
Hiawatha automatically uses all the hostnames from the specified VirtualHost section in the Hiawatha configuration as an alias.
David
11 April 2017, 19:39
Nice!

I suppose that doesn't work for subdomains in their own VirtualHost though (to do for example wiki.example.com instead of example.com/wiki).
Hugo Leisink
11 April 2017, 19:43
If you have the following configuration
VirtualHost {
    Hostname = example.com, wiki.example.com
    ...
}

requesting a certificate for example.com via Hiawatha's letsencrypt script, you'll get a certificate that is valid for both example.com and wiki.example.com. The /wiki in example.com has nothing to do with any certificate. /wiki is not a subdomain. It's just a directory inside the hostname example.com.
David
11 April 2017, 20:05
I was thinking more:
VirtualHost {
    Hostname = example.com, www.example.com
    WebsiteRoot = /var/www/example
    StartFile = index.html
    ...
}

VirtualHost {
    Hostname = wiki.example.com
    WebsiteRoot = /var/www/example/wiki
    StartFile = index.php
    ...
}


Would it still work for this? If so I've probably overdone it, lol.

I get an error if I comment out the respective certs for the other VirtualHosts though.
Hugo Leisink
11 April 2017, 20:06
That will work, but you'll have to request two certificates. One for example.com (which will have an alias for www.example.com) and one for wiki.example.com.
kfft
11 April 2017, 23:29
Another question related to certificates (I posted on the weblog as well but not sure you read the weblog)
VirtualHost {
    Hostname = example.com, 127.0.0.1, www.example.com
    WebsiteRoot = /var/www/example
    StartFile = index.html
    ...
}

Your LetsEncrypt script does not allow IP addresses in the list. Could it pass on IP addresses instead (because I am using my site via http as well on the IP addresses), or should I change my configuration?
Hugo Leisink
12 April 2017, 09:02
It's not that my script doesn't allow it. The Let's Encrypt CA doesn't allow it. And yes, of course I read the comments at my own weblog.
Fred
12 April 2017, 17:06
I managed to get it working using Hugo's example:
VirtualHost {
    Hostname = example.com, wiki.example.com
    ...
}
kfft
13 April 2017, 09:08
I will continue on the weblog for my different issue; Fred's one has been closed.

Thanks Hugo, keep up the great job. I am a big fan of the Hiawatha webserver, which I have been using for more than 10 years.
This topic has been closed.
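
The two points made in the thread (one certificate per VirtualHost covering all of its Hostname entries, and IP addresses not being accepted by the Let's Encrypt CA) can be checked before any request is made. The following is an added example, not part of the thread and not Hiawatha's letsencrypt script. The function names are hypothetical, it only handles the simple block syntax quoted above, and treating the first DNS name as the one to request is an assumption.

```python
import ipaddress
import re

# Constructed sample in the syntax quoted in the thread (not a real server's config).
SAMPLE_CONFIG = """
VirtualHost {
    Hostname = example.com, 127.0.0.1, www.example.com
    WebsiteRoot = /var/www/example
    StartFile = index.html
}

VirtualHost {
    Hostname = wiki.example.com
    WebsiteRoot = /var/www/example/wiki
    StartFile = index.php
}
"""

def is_ip(name):
    """True when a Hostname entry is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(name.strip("[]"))
        return True
    except ValueError:
        return False

def plan_certificates(config_text):
    """Return one dict per VirtualHost block: the hostname to request (assumed
    to be the first DNS name), the aliases the certificate would cover, and the
    IP entries, which the thread says the Let's Encrypt CA does not allow."""
    plans = []
    for block in re.findall(r"VirtualHost\s*\{(.*?)\}", config_text, re.S | re.I):
        names = []
        for line in block.splitlines():
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() == "hostname":
                names += [n.strip() for n in value.split(",") if n.strip()]
        dns = [n for n in names if not is_ip(n)]
        if dns:
            plans.append({"request": dns[0], "aliases": dns[1:],
                          "ip_entries": [n for n in names if is_ip(n)]})
    return plans

if __name__ == "__main__":
    for plan in plan_certificates(SAMPLE_CONFIG):
        print(plan)
```

Each returned entry corresponds to one certificate request, so the two-VirtualHost layout discussed above yields two entries.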