Darthtrader
Reputation: 248
How to create a Let’s Encrypt self signed certificate for a subdomain only? (error in post)
How to create a Let’s Encrypt self signed certificate for a subdomain?
To be specific:
sub.domain.com(needs a certificate and points to an ip address)domain.com(does not point to anything)
When following the following instructions, I get the following errors:
>>> sudo -H ./letsencrypt-auto certonly --standalone -d sub.domain.com --register-unsafely-without-email
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for sub.domain.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. sub.domain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: sub.domain.com
Type: connection
Detail: Timeout
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Upvotes: 1
Views: 1644
Answers (2)
Shailendra Sinha
Reputation: 31
You can create Let's Encrypt Certificate for subdomain without pointing domian to any root.
- Login to DNS management and create A NAME Record for subdomian. For A NAME you would need IP address
- Verify sub.domian.com is accessible over internet.
- run script for sub.domian.com.
https://zerossl.com/free-ssl/#crt can be also used to generate certificates and key however it would need some manual step to create .well-known and aceme-challenge folder need to be created in sub.domian.com /DocumentRoot
Upvotes: 1
jrtapsell
Reputation: 7001
You need to run the commands on the server, cause the command verifies you control the domain, so if it's not on the server it can't verify correctly.
Upvotes: 0
Related Questions
- Lets Encrypt subdomain not secure
- Multiple subdomains with lets encrypt
- Wildcard certificate for Subdomains?
- Ubuntu - trouble securing *.mydomain.com and *.sub.mydomain.com using different certs
- Can I use LetsEncrypt to issue a certificate for a sub-domain that I don't own?
- LetsEncrypt SSL Certificates with multi domains and multi subdomains
- SSL Cert for multiple subdomains in poste.io
- Letsencrypt SSL certificate error
- How to add certificate for sub-domain using Lets Encrypt
- Adding subdomains to existing certificate