
I’m trying to create an HTTPS Wildcard certificate for all my subdomains * .booda.me

My server is hosted on Amazon web services on an “Amazon Linux AMI”.

When I run certbot with this command: letsencrypt certonly --manual --preferred-challenges dns --register -d mydomain.me -d * .mydomain.me

I’m asked to create an acme-challenge “TXT” DNS record that contains a string. The certificates are validated with the confirmation message for “mydomain.me” and “* .mydomain.me”.

I can also see my certificates by running “certbot certificates”.

When I validate the first DNS “TXT” record, I wait a few minutes for propagation. Then I update the 2nd DNS “TXT” for the wildcard by modifying the first record, because AWS does not let me add a second “_acme-challenge.mydomain.me”. But I do not think that could be the problem …

However, when I go to https://mydomain.me it works, but none of my subdomains pick up the Let’s Encrypt certificate.

I get this error when I try to access a subdomain: https://formation.mydomain.me/logon.php


My httpd-le-ssl.conf configuration file looks like this:

<VirtualHost *:443>
    DocumentRoot "/var/www/html"
    ServerName "mydomain.me"
    ServerAlias "www.mydomain.me"
    SSLCertificateFile /etc/letsencrypt/live/mydomain.me-0001/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.me-0001/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

I do not understand where it can come from. I made several attempts by choosing “(E)xpand” to update the certificates, but it does not work.

Where can it come from? I’m starting to despair …

Hugo-dev
  • Sounds like a Chrome/Browser issue, i.e. an SSL Error. Refer: 1. https://stackoverflow.com/questions/27294589/creating-self-signed-certificate-for-domain-and-subdomains-neterr-cert-commo 2. https://www.drivereasy.com/knowledge/fix-err-cert-common-name-invalid-chrome-solved/ – sulabh chaturvedi Oct 20 '18 at 13:33
  • Please don't vandalise your posts. Note that the httpd.conf you shared is for port 80, not for the HTTPS port, 443. The configuration only redirects clients connecting to `www.booda.me` or `booda.me` to their `https://` equivalent, nothing else. – Martijn Pieters Feb 18 '19 at 14:06
  • Sorry, I updated my post with new info, the old post was more than 2 months ago. I hope to have new answers because a post quickly falls into oblivion ... – Hugo-dev Feb 18 '19 at 14:54

2 Answers


The site https://test.booda.me/ is not using a wildcard certificate. Both the Subject and Subject Alternative Name specify subdomain.booda.me. Either recreate your certificate or select the correct one. The command line that you specified was not used to create the certificate that you are using. You would have received an error message, plus the certificate names do not match (subdomain is not specified in your command line).

Note: there is no space between the asterisk and the domain name * .booda.me. You have this error in your command line and the apache config file.


John Hanley
  • I use wildcards constantly with no problems. You will need to post the log results from Let's Encrypt to know why it is not working for you. – John Hanley Oct 21 '18 at 17:27
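A worked check of the diagnosis above, added here as an example (it is not code from either answer): given the DNS names a certificate carries, which of the hostnames you expect to serve are actually covered? It applies the wildcard rule browsers use, where `*` may only be the whole leftmost label and matches exactly one label, so `*.mydomain.me` covers `formation.mydomain.me` but neither `mydomain.me` itself nor `a.b.mydomain.me`. The SAN lists are constructed from the thread; `fetch_dns_sans` is a helper for reading the names a live server presents and needs network access.

```python
import socket
import ssl

# Constructed samples mirroring the thread: the served certificate named
# only one host (per the answer above), the asker wanted apex + subdomains,
# and the eventual fix was a certificate for the apex plus a wildcard.
SERVED_SANS = ["subdomain.booda.me"]
WANTED_HOSTS = ["booda.me", "www.booda.me", "formation.booda.me"]
FIXED_SANS = ["mydomain.me", "*.mydomain.me"]


def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' only as the entire leftmost label, one label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]                      # e.g. ".mydomain.me"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]       # label the '*' has to stand for
    return bool(leftmost) and "." not in leftmost


def uncovered(sans, hostnames):
    """Hostnames that none of the certificate's DNS names cover."""
    return [h for h in hostnames
            if not any(name_matches(san, h) for san in sans)]


def fetch_dns_sans(host: str, port: int = 443) -> list:
    """DNS SANs of the certificate a live server presents (network required).

    Hostname checking is disabled so a mismatched certificate can still be
    read; chain verification stays on, because getpeercert() returns an
    empty dict for an unverified certificate.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


if __name__ == "__main__":
    print("served cert leaves uncovered:", uncovered(SERVED_SANS, WANTED_HOSTS))
    print("fixed cert leaves uncovered:", uncovered(
        FIXED_SANS, ["mydomain.me", "formation.mydomain.me", "a.b.mydomain.me"]))
```

Run it against a real host with `uncovered(fetch_dns_sans("example.org"), [...])` to see which of your subdomains the deployed certificate actually covers before touching the Apache config.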

I finally found the solution! On AWS it is possible to enter two "DNS TXT" values on a single _acme-challenge record, separated by a simple line break.

So I was able to create a single Let's Encrypt certificate for mydomain.me and the wildcard.

Then an alias was missing in my VHOST, which now reads:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    DocumentRoot "/var/www/html"
    ServerName "mydomain.me"
    ServerAlias "*.mydomain.me"
    SSLCertificateFile /etc/letsencrypt/live/booda.me/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/booda.me/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Thank you all for your help! Issue resolved :)

Hugo-dev