certbot sets an authentication file in the domain's web root and then
tests access to the file using the domain URL from at least two separate
locations. So if your subdomains/alias domains are not valid or the URL
with Let's Encrypt's authentication file cannot be reached from these
locations then LE will not issue the cert for that domain alias. The
locations they choose to verify from are usually the US, and often
Sweden and Singapore - so don't block those countries. If you look at
the web server access logs you can see the IPs they are attempting to
verify from.

There may be other methods for LE to use verification. certbot is what
we use and it's set up on a cron.

Jeff
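
Added example, not part of the message above and not certbot's own code: a way to run the access-log check described there, grouping the validation requests by name and source IP so that an alias that was never reached, or reached from only one location, stands out. The log layout (virtual host first, then combined format), the sample lines, the example.com names and the `summarize` helper are assumptions; `/.well-known/acme-challenge/` is the HTTP-01 challenge path from RFC 8555.

```python
import re
from collections import defaultdict

# Assumed layout: virtual host, then combined log format (Apache "%v %h ...").
# Adjust the regex to match your own LogFormat.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"  # HTTP-01 path (RFC 8555)

# Constructed sample lines; IPs come from documentation ranges.
SAMPLE_LOG = """\
example.com 192.0.2.10 - - [20/Oct/2024:10:01:02 +0000] "GET /.well-known/acme-challenge/tokenA HTTP/1.1" 200 87 "-" "validator"
example.com 198.51.100.7 - - [20/Oct/2024:10:01:03 +0000] "GET /.well-known/acme-challenge/tokenA HTTP/1.1" 200 87 "-" "validator"
alias1.example.com 192.0.2.10 - - [20/Oct/2024:10:01:04 +0000] "GET /.well-known/acme-challenge/tokenB HTTP/1.1" 404 196 "-" "validator"
alias1.example.com 198.51.100.7 - - [20/Oct/2024:10:01:05 +0000] "GET /.well-known/acme-challenge/tokenB HTTP/1.1" 404 196 "-" "validator"
alias2.example.com 192.0.2.10 - - [20/Oct/2024:10:01:06 +0000] "GET /.well-known/acme-challenge/tokenC HTTP/1.1" 200 87 "-" "validator"
example.com 203.0.113.5 - - [20/Oct/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

def summarize(log_text, expected_names, min_sources=2):
    """Return {name: (verdict, [source IPs])} for each name on the certificate."""
    seen = defaultdict(lambda: defaultdict(set))  # vhost -> ip -> {status codes}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["method"] == "GET" and m["path"].startswith(CHALLENGE_PREFIX):
            seen[m["vhost"]][m["ip"]].add(int(m["status"]))
    report = {}
    for name in expected_names:
        by_ip = seen.get(name, {})
        if not by_ip:
            verdict = "no-requests"           # name never reached this server
        elif any(s != 200 for codes in by_ip.values() for s in codes):
            verdict = "challenge-not-served"  # reached, but file not returned
        elif len(by_ip) < min_sources:
            verdict = "too-few-sources"       # some validation location blocked?
        else:
            verdict = "ok"
        report[name] = (verdict, sorted(by_ip))
    return report

if __name__ == "__main__":
    names = ["example.com", "alias1.example.com", "alias2.example.com", "alias3.example.com"]
    for name, (verdict, ips) in summarize(SAMPLE_LOG, names).items():
        print(f"{name:22} {verdict:22} {', '.join(ips) or '-'}")
```

The `min_sources=2` default follows the "at least two separate locations" figure in the message; raise it if your logs show more validation sources per name.
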
On 10/20/2024 10:28 AM, Eric Broch wrote:

I believe, if I understand certbot documentation, that you must prove
ownership of the domains through DNS settings. I've failed to find any
good examples on this.

On 10/20/2024 7:41 AM, Tony White wrote:

Hi Folks,
I have an SSL certificate issued by Let's Encrypt with 15
domains in it. 1 primary and the rest are Aliased.
My issue is that the ServerName works perfectly every time.
However, none of the ServerAlias do. They all pop up as "Not Secure".
Yet using openssl they all appear valid with valid date, issuer etc.
Should I do this some other way? Or is my configuration invalid?
TIA :)

--
regards
Tony White
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com