How To Add SSL For Subdomain?

General Discussion
Log in to reply
  • charles

    I have the following working:

    example.com
    www.example.com

    Now I would like to add
    community.example.com

    Would like to use Letsencrypt but keep getting error message

    0
  • frissdiegurke
    Plugin & Theme Dev

    Without information we cannot help.

    It's not a problem with letsencrypt, I'm running some subdomains using TLS (letsencrypt signed) without any problems.

    Please provide information on proxy-server/proxy-config/error-messages.

    0
  • M

    If you have problem and need help to solve the problem

    you have to post the error or information of your problem

    I think that your current certs is only stands for the specific domain
    and you have to regenerate or renew your certs

    have you tried typing domain without TLD or Including subdomain

    like this

    letsencrypt-auto certonly --rsa-key-size 4096 --standalone -d community.example.com

or

letsencrypt-auto certonly --rsa-key-size 4096 --standalone -d example.com -d www.example.com -d community.example.com
    0
  • julian
    GNU/Linux Admin

    Yeah, depends on the error you get. Let's Encrypt is a bit finicky, especially with nginx, and when nginx is running.

    Have yet to try --webroot, giving that a shot today 😄

    0
  • charles

    Thanks for replies so maybe I used wrong command?

    I was using the following command with path to folder

    ./letsencrypt-auto certonly --webroot -w /var/www/example/public_html -d example.com -d www.example.com -w /home/example/nodebb -d community.example.com

    for nginx I included this

    location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;

    proxy_pass http://127.0.0.1:4567/;
    proxy_redirect off;

    # Socket.IO Support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

    I'm guessing letsencrypt can't see or reach the path? What else can I provide to help pinpoint problem?

    0
  • julian
    GNU/Linux Admin

    @charles Let's Encrypt can't access the challenge directory because you don't have an nginx configuration for it.

    You'll need to add this inside the server block:

    location /.well-known/acme-challenge {
  root /var/www/example/public_html;
}
    0

Suggested Topics

| |
Copyright © 2021 NodeBB | Contributors