letsencrypt multiple domains query!

JamesT
14 July 2018, 17:02
Hi,

I have the following virtual host & binding set up in /etc/hiawatha/hiawatha.conf:
Binding {
    Port = 443
    TLScertFile = tls/www.chilli.ai.pem
    Interface = 192.168.86.39
    MaxRequestSize = 2048
    TimeForRequest = 30
}

VirtualHost {
    Hostname = chilli.ai, www.chilli.ai
    WebsiteRoot = /var/www/chilli_ai/public
    StartFile = index.html
    EnforceFirstHostname = yes
    ExecuteCGI = no
    PreventXSS = yes
    PreventCSRF = yes
    PreventSQLi = yes
    ShowIndex = no
    AccessLogfile = /var/log/hiawatha/chilli_access.log
    ErrorLogfile = /var/log/hiawatha/chilli_error.log
    ErrorHandler = 404:/index.html
    ErrorHandler = 401:/index.html
    ErrorHandler = 403:/index.html
    ErrorHandler = 501:/index.html
    ErrorHandler = 503:/index.html
    TimeForCGI = 5
    UseFastCGI = PHP7
    UseToolkit = monitor
    UseDirectory = static
    RequireTLS = yes
}

I successfully generated the TLS certs using the letsencrypt script in /extras/:

./letsencrypt request chilli.ai www.chilli.ai
Generating RSA key.
Generating Certificate Signing Request (CSR).
Ordering certificate.
Getting authorization challenge for chilli.ai.
- Creating reponse for authorization challenge.
- Requesting authorization for host.
- Polling authorization status.
Getting authorization challenge for www.chilli.ai.
- Creating reponse for authorization challenge.
- Requesting authorization for host.
- Polling authorization status.
Finalizing order.
Removing challenge responses.
Downloading certificates.
Writing private key and certificates to file.

Here's the directory listing for my tls directory:
[james@yshtola tls]$ pwd
/etc/hiawatha/tls
[james@yshtola tls]$ ls -lart
total 24
lrwxrwxrwx 1 root root 8 Jul 1 00:26 www.chilli.ai.pem -> cert.pem
-rw-r--r-- 1 root root 2163 Jul 1 00:34 hiawatha.pem
-rw------- 1 root root 7406 Jul 14 14:53 chilli.ai.pem
drwxr-xr-x 1 root root 100 Jul 14 15:33 .
-rw------- 1 root root 7418 Jul 14 15:33 cert.pem
drwxr-xr-x 1 root root 236 Jul 14 15:57 ..
[james@yshtola tls]$

If I go to a browser and type in www.chilli.ai, it seems to redirect to chilli.ai (which is no problem for me), but no certificate seems to exist for chilli.ai even though it was successfully created via the command line.

Any thoughts as to what I am doing wrong, please?

Thanks, James

Hugo Leisink
17 July 2018, 01:33
if i go to a browser and type in www.chilli.ai it seems to redirect to chilli.a

Of course. You set EnforceFirstHostname to 'yes'.

About the certificate, the output of letsencrypt shows a certificate for both chilli.ai and www.chilli.ai was created. Are you sure you're using the right certificate file? The file www.chilli.ai.pem seems to softlink to cert.pem. Shouldn't you be using chilli.ai.pem?
This topic has been closed.
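
One way to run the check suggested in the reply above: resolve the path given to TLScertFile through any symlink, then ask openssl whether the certificate in that file covers each hostname. This is an added example, not part of the original thread or of Hiawatha's letsencrypt script; the function names and the example.test / other.test certificates are constructed placeholders, and OpenSSL 1.1.1 or newer is assumed.

```shell
#!/bin/sh
# Resolve symlinks so you see the file the server will actually read.
cert_target() {
    readlink -f "$1"
}

# Exit 0 if the first certificate in PEM file $1 is valid for hostname $2.
# openssl x509 skips a private key stored ahead of the certificate.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Print the resolved file and a verdict per hostname: report FILE HOST...
report() {
    pem=$1; shift
    echo "$pem -> $(cert_target "$pem")"
    for host in "$@"; do
        if cert_covers "$pem" "$host"; then
            echo "  covered      $host"
        else
            echo "  NOT covered  $host"
        fi
    done
}

# Constructed sample data: write a throwaway self-signed key + certificate
# to $1 with the subjectAltName value $2 (needs OpenSSL 1.1.1 or newer).
selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo" \
        -addext "subjectAltName=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
    cat "$1.key" "$1.crt" > "$1"
    rm -f "$1.key" "$1.crt"
}

# Build a temp directory laid out like the tls/ listing in the question,
# using placeholder names, and print its path.
make_demo() {
    dir=$(mktemp -d)
    selfsigned "$dir/example.test.pem" "DNS:example.test,DNS:www.example.test"
    selfsigned "$dir/cert.pem" "DNS:other.test"
    ln -s cert.pem "$dir/www.example.test.pem"
    echo "$dir"
}

demo_dir=$(make_demo)
report "$demo_dir/www.example.test.pem" example.test www.example.test
report "$demo_dir/example.test.pem" example.test www.example.test
rm -rf "$demo_dir"
```

On a real server, point `report` at the path the Binding's TLScertFile names and list every hostname from the VirtualHost's Hostname line.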