How to create a second SSL certificate












I have a Let's Encrypt certificate up and running for testweb.com on my home Ubuntu server. In fact, I created this testweb.com URL because I didn't want to mess with my workingweb.com website, which is a Squarespace website. At the moment, testweb.com/owncloud is a Nextcloud web server.

My goal is to move away from the testweb.com URL and only use the workingweb.com URL.

So it will be workingweb.com for Squarespace and cloud.workingweb.com for my home Nextcloud web server.

I have created a cloud.workingweb.com website on the same home server, but when I connect to it, it uses the testweb.com certificate.

So I tried to create a second Let's Encrypt certificate:




    sudo certbot --apache -d cloud.workingweb.com

but it returns...

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator apache, Installer apache
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for cloud.workingweb.com
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. cloud.workingweb.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://cloud.workingweb.com/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxxxxxxx: Timeout during connect (likely firewall problem)

    IMPORTANT NOTES:
    - The following errors were reported by the server:

    Domain: cloud.workingweb.com
    Type: connection
    Detail: Fetching
    http://cloud.workingweb.com/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.




And apart from the fact that I don't know how to create the certificate, I don't see how to use it in my Apache vhosts files.



I guess the certbot problem comes from the fact that I have a redirect from http to https.



Here are my vhosts...



000-default.conf

    <VirtualHost *:80>
        ServerName testweb.com
        ServerAlias www.testweb.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =testweb.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>

000-default-le-ssl.conf

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName testweb.com
        ServerAlias www.testweb.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLCertificateFile /etc/letsencrypt/live/testweb.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/testweb.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
    </IfModule>

nextcloud.conf

    Alias /nextcloud "/var/www/owncloud/"

    <Directory /var/www/owncloud/>
        Options +FollowSymlinks
        AllowOverride All

        <IfModule mod_dav.c>
            Dav off
        </IfModule>

        SetEnv HOME /var/www/owncloud
        SetEnv HTTP_HOME /var/www/owncloud
    </Directory>

    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15768000; preload"
    </IfModule>

cloud.workingweb.com.conf

    <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName cloud.workingweb.com
        DocumentRoot /var/www/cloud.workingweb.com/public_html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        <Directory /var/www/cloud.workingweb.com/public_html/>
            AllowOverride All
        </Directory>
    </VirtualHost>


BTW: I have /owncloud and not /nextcloud because I upgraded from an ownCloud server to a Nextcloud server and never changed the directory structure.

BTW2: Why do we always have to hide our real URLs? It seems like a standard on forums...



Thank you so much, you brilliant minds.



:-)










      apache2 ssl
















      asked Dec 26 '18 at 17:10









      Edwin
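A static check of the vhost files shown in the question, as an added example that is not part of the original post. `SITES` is constructed from the question's files, reduced to the TLS-relevant directives; `parse_vhosts` and `audit` are names chosen here. It reports which port-443 vhosts declare no certificate of their own and which hostnames have no port-80 vhost, the port on which the http-01 URL in the certbot output is fetched.

```python
import re

# Constructed input: the vhost files from the question, reduced to the
# directives that matter for TLS (stray spaces in names and paths removed).
SITES = {
    "000-default.conf": """
<VirtualHost *:80>
ServerName testweb.com
ServerAlias www.testweb.com
</VirtualHost>
""",
    "000-default-le-ssl.conf": """
<VirtualHost *:443>
ServerName testweb.com
ServerAlias www.testweb.com
SSLCertificateFile /etc/letsencrypt/live/testweb.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/testweb.com/privkey.pem
</VirtualHost>
""",
    "cloud.workingweb.com.conf": """
<VirtualHost *:443>
ServerName cloud.workingweb.com
DocumentRoot /var/www/cloud.workingweb.com/public_html
</VirtualHost>
""",
}

VHOST_RE = re.compile(r"<VirtualHost\s+[^>]*?:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)


def parse_vhosts(sites):
    """Return one dict per <VirtualHost> block: file, port, names, directives."""
    vhosts = []
    for fname, text in sites.items():
        for port, body in VHOST_RE.findall(text):
            directives = {}
            for line in body.splitlines():
                parts = line.split(None, 1)
                # Skip comments and nested section tags such as <Directory ...>.
                if len(parts) == 2 and not parts[0].startswith(("#", "<")):
                    directives.setdefault(parts[0].lower(), []).append(parts[1].strip())
            names = list(directives.get("servername", []))
            for value in directives.get("serveralias", []):
                names.extend(value.split())
            vhosts.append({"file": fname, "port": int(port),
                           "names": names, "directives": directives})
    return vhosts


def audit(sites):
    """Return sorted (hostname, finding) pairs for TLS-related gaps."""
    vhosts = parse_vhosts(sites)
    named_on_80 = {n for v in vhosts if v["port"] == 80 for n in v["names"]}
    findings = set()
    for v in vhosts:
        if v["port"] != 443:
            continue
        has_cert = bool(v["directives"].get("sslcertificatefile"))
        for name in v["names"]:
            if not has_cert:
                findings.add((name, "443 vhost declares no SSLCertificateFile"))
            if name not in named_on_80:
                findings.add((name, "no port-80 vhost names this host; "
                                    "port-80 requests fall to the default vhost"))
    return sorted(findings)


if __name__ == "__main__":
    for host, finding in audit(SITES):
        print(f"{host}: {finding}")
```

The certbot output above reports a connect timeout, which is a reachability matter (DNS record, firewall) that a static check of the files cannot see.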





















