Multi-site apache and certbot / digitalOcean

  • drgued

    (@drgued)


    Hey there!

    I have a webstore running at tld.com. Just activated multisite and created a new store for a second language se.tld.com.

    The server is running on DigitalOcean and I’ve used certbot to create the certificate for tld.com.

    Does anybody know how I can create certificates for se.tld.com and tld.se?
    By running certbot --apache -d se.tld.com -d www.se.tld.com
    I get asked to select the correct vhost file. So I guess I need to create a vhost for se.tld.com.
    But this I am unsure of how to do and map it to the network site.

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • What you need is a single certificate for all the domains/subdomains.

    If you only need the certificate for subdomains (i.e. you’ll never do domain mapping), then you can request a wildcard certificate for the primary domain. This way, you don’t need to do anything if you add new subdomains. But you may have to authenticate via DNS, depending on your certbot setup.

    On the other hand, if you’ll use domain mapping, then simply put all your domains (and subdomains) into the SAN field of the same, single certificate. You can easily add multiple domains in a single certbot request like:

    certbot --apache -d example.com -d www.example.com -d sub1.example.com -d www.example.org

    (You can have up to 100 domains/subdomains in a Let’s Encrypt cert, i.e. one “subject” domain and 99 “alternative” domains)

    “So I guess I need to create a vhost for se.tld.com.”

    No, you don’t.

    Thread Starter drgued

    (@drgued)

    Thanks for your time, George!

    I’ve retried this and I get this error:

    certbot --apache -d example.no -d www.example.no -d se.example.no -d www.se.example.no -d example.se -d www.example.se
    
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator apache, Installer apache
    Cert not yet due for renewal
    
    You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
    (ref: /etc/letsencrypt/renewal/example.se.conf)
    
    What would you like to do?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1: Attempt to reinstall this existing certificate
    2: Renew & replace the cert (limit ~5 per 7 days)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
    
    Renewing an existing certificate
    Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
    Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
    
    We were unable to find a vhost with a ServerName or Address of se.example.no.
    Which virtual host would you like to choose?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1: 000-default.conf               | Multiple Names        |       | Enabled
    2: 000-default-le-ssl.conf        | Multiple Names        | HTTPS | Enabled
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
    Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
    
    We were unable to find a vhost with a ServerName or Address of www.se.example.no.
    Which virtual host would you like to choose?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1: 000-default.conf               | Multiple Names        |       | Enabled
    2: 000-default-le-ssl.conf        | Multiple Names        | HTTPS | Enabled
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
    The selected vhost would conflict with other HTTPS VirtualHosts within Apache. Please select another vhost or add ServerNames to your configuration.
    VirtualHost not able to be selected.
    
    IMPORTANT NOTES:
     - Unable to install the certificate
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/example.se/fullchain.pem
       Your key file has been saved at:
       /etc/letsencrypt/live/example.se/privkey.pem
       Your cert will expire on 2021-08-23. To obtain a new or tweaked
       version of this certificate in the future, simply run certbot again
       with the "certonly" option. To non-interactively renew *all* of
       your certificates, run "certbot renew"
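
The "unable to find a vhost with a ServerName or Address of se.example.no" prompt in the output above appears when no Apache vhost names the domain that certbot is installing the certificate for. The script below is an added example, not part of the thread: its function names and the sample vhost file are constructed, and it lists which requested domains no ServerName or ServerAlias in a vhost file covers.

```shell
#!/bin/sh
# vhost_names FILE: print every ServerName/ServerAlias value in FILE, one per line.
vhost_names() {
    awk '
        { sub(/#.*/, "") }    # drop comments before looking at the directive
        tolower($1) == "servername" || tolower($1) == "serveralias" {
            for (i = 2; i <= NF; i++) { n = tolower($i); sub(/:[0-9]+$/, "", n); print n }
        }' "$1"
}

# missing_vhost_names FILE DOMAIN...: print each DOMAIN that no name in FILE matches.
missing_vhost_names() {
    conf=$1; shift
    names=$(vhost_names "$conf")
    for domain in "$@"; do
        d=$(printf '%s' "$domain" | tr 'A-Z' 'a-z')
        found=no
        while IFS= read -r pat; do
            # Unquoted $pat is a case pattern, so a wildcard alias (*.example.no) matches.
            case "$d" in $pat) found=yes; break ;; esac
        done <<EOF
$names
EOF
        [ "$found" = yes ] || printf '%s\n' "$domain"
    done
}

# Constructed sample modelled on the thread: the HTTPS vhost names four of the six domains.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
<VirtualHost *:443>
    # multisite network, one vhost for every site
    ServerName example.no
    ServerAlias www.example.no example.se www.example.se
    DocumentRoot /var/www/html
</VirtualHost>
EOF
missing_vhost_names "$sample" example.no www.example.no se.example.no \
    www.se.example.no example.se www.example.se
```

The names it prints are the ones certbot's message asks to have added to the configuration before the certificate can be installed without the vhost prompt.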
    

    You will use Certbot to obtain a free SSL certificate for Apache. You can follow this introduction to DigitalOcean DNS for details on how to add them. This tutorial will use /etc/apache2/sites-available/your_domain.conf as an example.

