| SYSTEM INFORMATION | |
|---|---|
| OS type and version | debian 13 |
| Webmin version | 2.641 |
| Virtualmin version | 8.1 professional |
| Webserver version | 2.4.67 |
| Related packages | SUGGESTED |
| I have a large wp multisite with over 45 sites in it. how do i get LE to get ssl for every subsite? |
If your DNS is set up correctly, each domain/site should get an LE certificate when created which will then auto renew.
If doing it manually after domain creation, then Virtualmin, Manage Virtual Server, Setup SSL Certificate, SSL Providers, Request Certficate.
If the sites are the same domain, you will need a wildcard, not sure how its possible with different domain names. Maybe using cloudflare?
tried this..no dice. they are separate domains for each subsite. the dns is external at godaddy. the subsites are subfolders of the main public_html.
What did you try?
What happened?
There should have been an error message.
What does the log say? /log/letsencrypt/lestencrypt.log ?
Do you go to the doctor and say āI feel unwell, fix meā without any more clues?
the main site is americanconsumercouncil.org one of he many subsites is this one https://alaskaconsumercouncil.org/ trying to add this to the ssl section gets the following
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for americanconsumercouncil.org and alaskaconsumercouncil.org
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: alaskaconsumercouncil.org
Type: unauthorized
Detail: 104.168.120.130: Invalid response from http://alaskaconsumercouncil.org/.well-known/acme-challenge/kvXWePLfeo5sd7BpBeLVfxuWQ_ySN_eMoeguI-JE0so: 404
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
obviously the ssl for alaska is invalid:
This server could not prove that it is alaskaconsumercouncil.org ; its security certificate is from acc.etc-md.com . This may be caused by a misconfiguration or an attacker intercepting your connection.
do i need to setup an alias server inside of virt for each of these additional domains? if so then how do i make the individual Apache point to each sub folder? Is there no automated way to do all of this? In wpengine they just add the subsite and it worksā¦i hope virt can do this just as easily.
why not set them up as sub servers within the same user account rather than just using sub directories this will allow
- ssl certificates from lets encrypt with automatic renewal
- the ability to run a different version of PHP on the sub server (good for testing your software against newer versions of PHP
- saves any, perhaps confusing, aliases
- runs the software as the same user account so no software configuration issues, with the caveat that you may need to change some paths
- In the future you just forget about it as virtualmin does itās thing
Itās just a case of doing things slightly different to what you are used to
the site is already built..with wordpress and itās subsites and subdirectories off the root..itās a pretty common way to do multisite in wordpress. when my personal site was a multisite it was the same way..the only wrinkle here is the multiple domans..each subsite has itās own separate domain.
aha a bit of gemini and i found it. i just have to create an alias server for each individual site and things get taken care of from thereā¦
well le has a hard limit of 5 pr time slice. i am now unable to add the other 46 domains until late tomorow..at this point itās going to take days to import this site..which isnāt acceptable. is there a way to mass add the alias servers in shot via the cli so it only runs the query once instead of 46 more times?
is there a way to add the aliases and NOT trigger the le request until i tell it to later?
got this thread in le forums going..and it seems this asking for a cert for every alias server is going to run afoul of LE hard rate limits. I think virtuaolmin needs to do this a bit differently
hereās the documentation on their rate limits:
so i ahve tried adding the domain to the ssl without adding the aliases first which leads to a 404 by certbot which makes sense. adding the alias makes the certbot reissue the ACC main site request a new cert with the subserviant domain(alaskaconsumer)..unfortunately this hit the rate limit in LE which them means i get one query pr day once the limit is reached. I do not see around this with virtualmin at this time. any ideas?
tat is how virtualmin sub servers work each is a separate domain the only difference they donāt use sub directories
hrmm..wil the subserver automatically kick to the subfolder of the parent domain so multisite can route thigns correctly?
I donāt use word press so i have no idea how it works, so if itās one installation of wordpress with configs splattered into different directories then your solution is better, but if you subscribe to virtualmin pro there is a word press option that may do exactly what you want
this is an existing site i am trying to make work from wpengine. the child domains are subfolders under the parent domain in wordpress. The sub server sets up itās own full apache environment..which doesnāt route to the parent domain which then would route to the sub folder..didnāt think a sub would work but i had to try to double checkā¦
so it comes down to is there a way to add these alias servers and NOT request a cert until manually told to do so?
i tried this command
virtualmin create-domain --domain delawareconsumercouncil.org --alias americanconsumercouncil.org --web --acme-never
but the system stil tired to do ssl..
i o wnet ahead and added all of the alias servers and kept banging the cap. i wll try to redo the ssl tomorrow at 640am my timeā¦