How To Add SSL For Subdomain?

General Discussion
  • I have the following working:

    example.com
    www.example.com

    Now I would like to add
    community.example.com

    I would like to use Let's Encrypt but keep getting an error message.

  • Without information we cannot help.

    It's not a problem with letsencrypt, I'm running some subdomains using TLS (letsencrypt signed) without any problems.

    Please provide information on proxy-server/proxy-config/error-messages.

  • If you have a problem and need help solving it,

    you have to post the error or information about your problem.

    I think that your current certs only stand for the specific domain,
    and you have to regenerate or renew your certs.

    Have you tried typing the domain without the TLD or including the subdomain,

    like this:

    letsencrypt-auto certonly --rsa-key-size 4096 --standalone -d community.example.com
    
    or
    
    letsencrypt-auto certonly --rsa-key-size 4096 --standalone -d example.com -d www.example.com -d community.example.com
    
  • Yeah, depends on the error you get. Let's Encrypt is a bit finicky, especially with nginx, and when nginx is running.

    Have yet to try --webroot, giving that a shot today 😄

  • Thanks for the replies. So maybe I used the wrong command?

    I was using the following command with the path to the folder:

    ./letsencrypt-auto certonly --webroot -w /var/www/example/public_html -d example.com -d www.example.com -w /home/example/nodebb -d community.example.com
    

    For nginx I included this:

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
    
        proxy_pass http://127.0.0.1:4567/;
        proxy_redirect off;
    
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    

    I'm guessing letsencrypt can't see or reach the path? What else can I provide to help pinpoint the problem?

  • @charles Let's Encrypt can't access the challenge directory because you don't have an nginx configuration for it.

    You'll need to add this inside the server block:

    location /.well-known/acme-challenge {
      root /var/www/example/public_html;
    }
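
The mismatch described in the last reply can be checked before requesting a certificate. The script below is an added example, not part of the thread: it pairs each `-d` domain with the `-w` webroot that precedes it, drops a probe file where the client would write its challenge token, and fetches it over HTTP. It assumes `curl` is installed and that it runs on the web server; the function names and the optional `BASE_URL` argument are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for --webroot validation.

# pair_webroots ARGS...: print "domain webroot" for every -d, pairing it with
# the most recent -w before it, as in the letsencrypt-auto command above.
pair_webroots() {
    webroot=""
    while [ $# -gt 0 ]; do
        opt="$1"; shift
        case "$opt" in
            -w) [ $# -gt 0 ] && { webroot="$1"; shift; } ;;
            -d) [ $# -gt 0 ] && { printf '%s %s\n' "$1" "$webroot"; shift; } ;;
        esac
    done
    return 0
}

# probe DOMAIN WEBROOT [BASE_URL]: write a probe file where the client would
# put its challenge token, fetch it over HTTP, then clean up.
# BASE_URL (hypothetical override for local testing) defaults to http://DOMAIN.
probe() {
    domain="$1"; root="$2"; base="${3:-http://$1}"
    dir="$root/.well-known/acme-challenge"
    name="preflight-$$"
    [ -n "$root" ] && mkdir -p "$dir" || return 2
    printf 'probe-%s' "$domain" > "$dir/$name" || return 2
    body=$(curl -fsSL --max-time 10 "$base/.well-known/acme-challenge/$name" 2>/dev/null)
    status=$?
    rm -f "$dir/$name"
    [ "$status" -eq 0 ] && [ "$body" = "probe-$domain" ]
}

# check_all ARGS...: probe every domain/webroot pair; non-zero if any fails.
check_all() {
    pair_webroots "$@" | (
        rc=0
        while read -r domain root; do
            if probe "$domain" "$root"; then
                echo "OK   $domain"
            else
                echo "FAIL $domain: probe file in $root was not served"
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Usage: check_all --webroot -w /var/www/example/public_html -d example.com
```

A `FAIL` line for a domain whose `location /` is proxied to NodeBB means the request never reached the webroot, which is the situation the `location /.well-known/acme-challenge` block addresses.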
    
