
Resolved How to install and configure multi-domain (SAN) SSL certificate?

Saverio

New Pleskian
Hello,
I have to install a LetsEncrypt SAN SSL certificate covering a main domain and a few aliases (e.g. mymaindomain.tld, myfirstalias.tld, mysecondalias.tld, etc...).
I've read on the LetsEncrypt website that their certificates do provide the SAN function and can cover up to 100 different domains, but I was unable to understand how to install and configure this type of certificate; can anybody help me, please?

I am using Plesk 12.5.30 on a CentOS Linux 7.2.151 dedicated server (with SSH access).

Thank you very much in advance for your kind help.

Best regards

P.S. On the same server (hence with the same IP) I also have another website - with no aliases and its own single-domain SSL certificate - that I could install and activate via Plesk without any issue.
 
Hi Saverio,

pls. see: => #13
... where you will find the not-Plesk-documented "expand" - command. You are certainly able to expand your certificate(s) with alias domains, but keep in mind, that these domains will as well need correct DNS - A - entries, so that the certbot is able to authenticate the (sub)domain.
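
A pre-flight check for the DNS requirement mentioned above, as an added example that is not part of the original post or of Plesk's Let's Encrypt extension. The function names, the domain names and the documentation-range IP addresses are assumptions made for illustration.

```python
import socket

def resolve_a(name):
    """Return the set of IPv4 addresses for name; empty set if it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def san_names(domains):
    """Expand each domain to its bare and www. names, without duplicates."""
    names = []
    for domain in domains:
        for name in (domain, "www." + domain):
            if name not in names:
                names.append(name)
    return names

def preflight(domains, server_ip, resolver=resolve_a):
    """Map every name that would go into the certificate to a DNS status.

    A name is 'ok' only if all of its A records are server_ip: with several
    A records the http-01 request may reach a host that cannot answer it.
    """
    report = {}
    for name in san_names(domains):
        addrs = resolver(name)
        others = sorted(addrs - {server_ip})
        if not addrs:
            report[name] = "no A record"
        elif others:
            report[name] = "points elsewhere: " + ", ".join(others)
        else:
            report[name] = "ok"
    return report

if __name__ == "__main__":
    # Constructed sample data: hypothetical names, RFC 5737 documentation IPs.
    fake_dns = {
        "domain-a.tld": {"192.0.2.10"},
        "www.domain-a.tld": {"192.0.2.10"},
        "domain-b.tld": {"198.51.100.7"},
    }
    result = preflight(["domain-a.tld", "domain-b.tld"], "192.0.2.10",
                       lambda n: fake_dns.get(n, set()))
    for name, status in result.items():
        print(f"{name:20} {status}")
```

Calling preflight() without the resolver argument queries real DNS. It checks A records only, so AAAA records are not covered.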
 
Hi Saverio,

pls. see: => #13
... where you will find the not-Plesk-documented "expand" - command. You are certainly able to expand your certificate(s) with alias domains, but keep in mind, that these domains will as well need correct DNS - A - entries, so that the certbot is able to authenticate the (sub)domain.

Thank you very much for your help; I'll try your solution and let you know how it goes.
 
Unfortunately it did not (entirely?) work.

When I launched the command I received the following feedback:


Saving debug log to /usr/local/psa/var/modules/letsencrypt/logs/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for domain-A.tld
http-01 challenge for www.domain-A.tld
http-01 challenge for domain-B.tld
http-01 challenge for www.domain-B.tld
http-01 challenge for domain-C.tld
http-01 challenge for www.domain-C.tld
http-01 challenge for domain-D.tld
http-01 challenge for www.domain-D.tld
http-01 challenge for domain-E.tld
http-01 challenge for www.domain-E.tld
Starting new HTTPS connection (1): 127.0.0.1
Starting new HTTPS connection (1): 127.0.0.1
Cleaning up challenges
Site "domain-B.tld" get failure: Site does not exist
Error occured while sending feedback. HTTP code returned: 502
Executing /usr/local/psa/admin/plib/modules/letsencrypt/scripts/cli.php failed:

exit status 1


Then, when I check any of those domains, I still see the default "Connection is not secure" page which is usually displayed when a certificate is not valid or has expired...

I am sorry I am still bothering you but I am not at all familiar with server management and configuration (I am a web designer/developer and until very recently I used to work in a big global company with in-house servers managed by a dedicated team).
 
Hi Saverio,

Site "domain-B.tld" get failure: Site does not exist
indicates that this domain is not set up correctly, so it cannot be included in your existing Let's Encrypt certificate when you expand it. Pls. provide MORE information on how you set up this domain.
 
Unfortunately I did not set up either the main domain and its aliases or the associated SSL certificate; that was done by my predecessor, who quit without leaving any documentation behind.
Is there any particular configuration file which would be useful to you, in order to better understand where the issue lies?

Thank you very much for your patience and kind support.
 
Hi Saverio,

Is there any particular configuration file which would be useful to you, in order to better understand where the issue lies?
You might consider posting the corresponding configuration files from "/var/www/vhosts/system/(sub)YOUR-DOMAIN.COM/conf" for investigation, and/or you could post screenshots of your hosting settings ( => HOME > Domains > (sub)domain > Hosting Settings )
 
Hi UFHH01,
first of all, I cannot thank you enough for your support. :)

I do not have sub-domains; I have a main domain with some aliases: the main domain serves a PrestaShop multi-store - but it is never accessed directly with its URL - while each alias serves a different PrestaShop store - whose URL is used by customers.

Here is a screenshot of the main domain hosting configuration:
screenshot_main-domain.png


And here is a screenshot of the configuration of one of the aliases:
screenshot_alias.png


I also attached the files "httpd.conf" and "nginx.conf" (renamed as .txt) for the main domain

Thank you very much again.
 

Attachments: httpd.txt (6.3 KB), nginx.txt (1.5 KB)

Hi Saverio,

unfortunately, you installed/set up the domain aliases in a "not suggested way, when you would like to use a SAN Let's Encrypt certificate". Pls. see the work-around, suggested at


... to install/setup domain aliases as separate subscriptions, pointing the documentroot all to your "MAIN" - domain's documentroot.

I see... unfortunately I am not sure the solution proposed would be compatible with the settings necessary for the PrestaShop multi-store. :(
Anyway that is a different problem; the SSL issue is now clear.

Then my only option would be purchasing a non-LetsEncrypt SAN certificate, unless or until the feature is implemented.

Thank you very much for your help; you have been very patient and kind. :)
 