[Let's Encrypt](EN) Case of subdomain's certificate was applied to root domain
Environment and Prerequisite
- Let’s Encrypt
- Nginx
- Certbot
Background
- Out of curiosity, I looked up my domain's certificate and found that the domain was configured with the subdomain's certificate, so I modified it. For example, if the domain is twpower.org, the certificate was displayed as subdomain.twpower.org's certificate in the browser.
- The server runs Nginx, and the certificate was set up using certbot.
Reason
- I used a Let's Encrypt certificate and set it up using certbot. I found that I needed to set a certificate per domain. However, I set up the domain and subdomain simultaneously.
- Link shows a way of applying a wildcard that contains the subdomain. However, I did not follow that way because it does not look easy.
Fix Method
- The certificate should be set up per domain. For example, if there are the domain twpower.org and the subdomain subdomain.twpower.org, it can be applied with the commands below.
- It is possible to apply it to the subdomain using the Link above. However, this post does not include that method.
sudo certbot --nginx -d twpower.org -d www.twpower.org
sudo certbot --nginx -d subdomain.twpower.org
Fix Process
Remove the previous settings made by certbot and set the certificate again.
Remove existing configurations created by certbot
There are configuration files per domain in /etc/nginx/sites-enabled/.
twpower@twpower-private-server:/etc/nginx/sites-enabled$ ls /etc/nginx/sites-enabled/
subdomain.twpower.org twpower.org
The parts configured by certbot are commented as shown below.
if ($host = www.twpower.org) {
    return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = twpower.org) {
    return 301 https://$host$request_uri;
} # managed by Certbot
To remove the previous settings, I removed the code that was commented with # managed by Certbot.
Check Nginx
sudo nginx -t
Set Certificate Using certbot
If the nginx configuration is correct, use the commands below to apply a certificate to the domain and to the subdomain.
sudo certbot --nginx -d twpower.org -d www.twpower.org
sudo certbot --nginx -d subdomain.twpower.org
Result
- Each domain has its own certificate.
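
One way to confirm that result from outside the server, as an added example that is not part of the original post: fetch the certificate nginx serves for each name and compare its SAN entries with the names passed to each certbot command above. The `EXPECTED` table and all function names are assumptions made for this sketch, and the sample SAN list at the bottom is constructed.

```python
import socket
import ssl

# Names each certificate is expected to carry, taken from the two certbot
# commands on this page (one certificate per -d group). Assumed layout.
EXPECTED = {
    "twpower.org": {"twpower.org", "www.twpower.org"},
    "www.twpower.org": {"twpower.org", "www.twpower.org"},
    "subdomain.twpower.org": {"subdomain.twpower.org"},
}

def name_matches(host, pattern):
    """True if a certificate dNSName covers host; '*' spans exactly one label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    head, _, rest = host.partition(".")
    return bool(head) and rest == pattern[2:]

def classify(host, sans, expected=EXPECTED):
    """Return 'mismatch', 'shared' or 'dedicated' for the SANs served to host."""
    if not any(name_matches(host, s) for s in sans):
        return "mismatch"  # the served certificate does not cover this name
    extra = {s.lower() for s in sans} - expected.get(host, {host})
    return "shared" if extra else "dedicated"

def served_sans(host, port=443, timeout=5.0):
    """Fetch the dNSName entries of the certificate served for this SNI name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # keep chain validation, do the name check here
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def audit(hosts, fetch=served_sans):
    """Map each host to (classification, SAN list); fetch is injectable for offline use."""
    report = {}
    for host in hosts:
        sans = fetch(host)
        report[host] = (classify(host, sans), sans)
    return report

if __name__ == "__main__":
    # Constructed sample: one certificate issued for both names at once.
    combined = ["subdomain.twpower.org", "twpower.org"]
    print(audit(["twpower.org", "subdomain.twpower.org"], fetch=lambda h: combined))
```

Calling `audit(list(EXPECTED))` without the `fetch` argument runs the same check against the live server. A wildcard entry such as `*.twpower.org` is reported as `shared` for the subdomain and as `mismatch` for twpower.org itself, because the wildcard stands for exactly one label.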
Opinion
- These days, cloud services handle these tasks, so I may not encounter this situation again.
- Not only do cloud services handle this, but we also live in an era where services like ChatGPT provide detailed instructions, so I might not have the chance to encounter this again.
- When running a small server like I do, this could be helpful.