Let's Encrypt Issue with a sub domain

webriddler

Hi,
When I try to create an SSL cert for a sub domain I get the following:

LetsEncrypt request successful for:
subdomain.example.tld
www.subdomain.example.tld
Cannot find domain in the certificate.
However, subdomains have been found instead. Proceeding with them.

The main domain example.tld then uses the subdomain.example.tld as the SSL certificate; I have never experienced this before. I tried to issue the SSL for example.tld, which works, but as soon as I do it for the subdomain (on its own) it causes this issue. I must have missed something really simple. Any ideas?

So Chrome shows:

This server could not prove that it is example.tld; its security certificate is from subdomain.example.tld. This may be caused by a misconfiguration or an attacker intercepting your connection.

UPDATE: After reading the post Richard G added, it seems as if the best option, although somewhat counterintuitive, is to create a FULL domain with the subdomain.example.tld, so that's the route I have taken.

However I get:

Domain is already processing an SSL request. Please allow it to finish before making other changes.

I have rebooted the server but see no way of cancelling the LE SSL request, and as of now one has not been issued. Is there a command I can use to force this issue or kill the pending task?
 
You might want to check this post.
 
I have rebooted the server but see no way of cancelling the LE SSL request and as of now one has not been issued, is there a command I can use to force this issue or kill the pending task?
It is best not to update your post, but just post your update as a reply if somebody already answered. This way things are more clear. At first I didn't even see that you updated your post but only that you liked it, as one does not get a notification about updates.

You might be able to kill the task by killing the task.queue which you can find in the /usr/local/directadmin/data directory, but I would just wait until it reaches the timeout and then try again to create the subdomain as domain.
Be sure to remove the subdomain from the normal domain (if still present), before you do that.

Any special reason you did not choose the wildcard option? Makes life a bit easier when other subdomains are created.
 
Your points have been noted ;)

I was unable to set up the wildcard; I got an error regarding the *.example.tld not resolved. I may try it again but have just hit the rate limit for LE, so will have to wait a while longer.

2023/05/07 15:07:49 [INFO] [*.example.tld] acme: Waiting for DNS record propagation.
 
You already hit the rate limit? That's fast. However, not resolved is odd; that might be pointing to some DNS issues with your domain.
However, I can't see since I don't know your domain.

If you recently created it (like a little while ago today) then it can indeed take 4-24 hours to propagate, and that would mean no issue is present.
 
may try it again but have just hit the rate limit for LE so will have to wait a while longer.
That is why I don't like the automatic SSL feature; I always disable it as soon as the servers are set up.


Code:
/usr/local/directadmin/directadmin set admin_ssl_check_retries 0
service directadmin restart
 
He has external DNS and his DNS provider (Hetzner) is supported by LEGO, so he can use LEGO if all is correct.
Is autossl enabled by default nowadays?
 
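An added example, not part of any post in this thread: a small offline check of which hostnames a certificate's DNS names cover, showing why the subdomain-only certificate triggers Chrome's mismatch on example.tld and what a wildcard would still leave out. The SAN lists are constructed from the thread's placeholder names, and the wildcard certificate's SAN set is an assumption.

```python
def san_matches(pattern: str, host: str) -> bool:
    """Match one DNS SAN entry against a hostname (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label, never zero or two
    if p[0] == "*":
        # Wildcard is only honoured as the entire leftmost label.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def coverage(sans, hosts):
    """Map each hostname to the SAN entries covering it (empty list = mismatch)."""
    return {h: [s for s in sans if san_matches(s, h)] for h in hosts}


# Constructed sample data using the thread's placeholder names.
SUBDOMAIN_CERT = ["subdomain.example.tld", "www.subdomain.example.tld"]
WILDCARD_CERT = ["example.tld", "*.example.tld"]  # assumed SAN set
HOSTS = [
    "example.tld",
    "www.example.tld",
    "subdomain.example.tld",
    "www.subdomain.example.tld",
]


def uncovered(sans, hosts=HOSTS):
    """Hostnames a browser would reject with a name-mismatch error."""
    return [h for h, matched in coverage(sans, hosts).items() if not matched]


if __name__ == "__main__":
    for label, sans in (("subdomain cert", SUBDOMAIN_CERT),
                        ("wildcard cert", WILDCARD_CERT)):
        print(label, "does not cover:", uncovered(sans))
```

Feed it the DNS names from the certificate the server actually presents for each virtual host to confirm which names still need their own certificate.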