Question Let's Encrypt can not be set properly

[Zoo3]

I operated the four sites below. And install Let's Encrypt certificate at each site.

Let my domain be exmaple.com.
1. example.com -- Call AAA
2. site2.example.com -- Call BBB
3. site3.example.com -- Call CCC
4. site4.example.com -- Call DDD

BBB and DDD are normal. The certificate name that is being applied is the same URL as the site.

The problem is AAA and CCC.
The setting of CCC: site3.example.com is "Lets Encrypt exmaple.com (site3.example.com)".
And the setting of AAA: example.com is "Lets Encrypt site3.example.com (example.com)".

I think that site3.exmaple.com is more important. So it's the above setting. CCC can use HTTPS.
My choice is only the above. AAA can not use HTTPS. I am giving up.

For exmaple,
If AAA certificate is set to "Lets Encrypt exmaple.com (example.com)", AAA can make HTTPS connection.
But if I set it, CCC will be unable to use HTTPS.
Certificate options in the CCC are Lets Encrypt exmaple.com (site3.example.com), ~~ site3.example.com (site3.example.com) and ~~ Certificate (Other Repository). I can not use HTTPS whatever certificate of CCC is chosen.

*AAA has Lets Encrypt site3.example.com (example.com), ~~ example.com (example.com) and ~~ Certificate (Other Repsitory).

I think that AAA and CCC are in a set. And I can only use one HTTPS. How can I make AAA and CCC independent?
I deleted both certificates and re-created certificates with each. I am also trying to delete the CCC site itself. However, it returns to exactly the same state.

It is easy to understand if I can use AAA for exmaple.com (exmaple.com) and CCC for site3.example.com (site3.example.com). I am doing this with BBB and DDD.

Please help,

 

[Bitpalast]

When you create the certificate for the main domain, you can de-select or select whether subdomains shall be included and which of them. If you only want the certificate to exist for the main domain, then do not select aliases/subdomains.

For each subdomain you can create a separate certificate. There is nospecial setting needed for that.

 

[TomBoB]

The setting of CCC: site3.example.com is "Lets Encrypt exmaple.com (site3.example.com)".
And the setting of AAA: example.com is "Lets Encrypt site3.example.com (example.com)".

sound like you got the certificates messed up. Maybe you changed hosting names / aliases at some point?

Have a look at this plesk article about how to correct entries in the database. Helped me out recently with a similar problem.
Make AAA properly: example.com is "Lets Encrypt example.com (example.com)" and
make CCC properly: site3.example.com is "Lets Encrypt site3.example.com (site3.example.com)".

Should do the trick.
Cheers,
Tom

 

[Zoo3]

Maybe you changed hosting names / aliases at some point?

I have neither changed the host name nor created an alias.

Have a look at this plesk article about how to correct entries in the database.

I tried running the article. That is the table below. Except domain name is genuine.

+----+-------------------------------------+--------+------------------------+
| id | name | rep_id | name |
+----+-------------------------------------+--------+------------------------+
| 2 | Backup sign certificate | NULL | NULL |
| 10 | Lets Encrypt site4.exmample.com | 3 | site4.exmample.com |
| 11 | Lets Encrypt site2.exmample.com | 2 | site2.exmample.com |
| 18 | Lets Encrypt site4.exmample.com | 3 | site4.exmample.com |
| 20 | Lets Encrypt site3.exmample.com | 4 | example.com |
| 20 | Lets Encrypt site3.exmample.com | 4 | site3.exmample.com |
| 21 | Lets Encrypt example.com | 4 | example.com |
| 21 | Lets Encrypt example.com | 4 | site3.exmample.com |
+----+-------------------------------------+--------+------------------------+

> update certificates set name="Lets Encrypt example.com" where id=21;
I did this and installed the certificate. But the situation does not change. The contents of the above table are also unchanged.

There is a strange point. The display in the Let's Encrypt item of either AAA or CCC is "install" instead of "update".
When I install the certificate on AAA, CCC displays "INSALL". When installed on CCC, AAA displays "INSTALL".

 

[Zoo3]

When you create the certificate for the main domain, you can de-select or select whether subdomains shall be included and which of them. If you only want the certificate to exist for the main domain, then do not select aliases/subdomains.

For each subdomain you can create a separate certificate. There is nospecial setting needed for that.

The choices for creating a certificate are "include www subdomain" and "protect webmail in this domain".
Since I do not use webmail, I disabled it. Regarding the WWW subdomain, I also do not use WWW so basically it is invalidated.
I tried validating the WWW subdomain and created a certificate, but the situation does not change.

 

[Zoo3]

I delete the (all)certificate of AAA and CCC using PLESK UI. Then install the certificate in AAA (main domain). I have not done anything in CCC.
And looking at the MySQL command* below, Let's Encrypt create two domains at the same time. And ID duplication.

*select c.id, c.name, r.rep_id, d.name from certificates c left join Repository r on (c.id = r.component_id) left join domains d on (r.rep_id = d.cert_rep_id) where r.rep_id not in (select val from misc where param = 'cert_rep_id') or r.rep_id is null;

+----+-------------------------------------+--------+------------------------+
| id | name | rep_id | name |
+----+-------------------------------------+--------+------------------------+
| 2 | Backup sign certificate | NULL | NULL |
| 10 | Lets Encrypt site4.exmample.com | 3 | site4.exmample.com |
| 11 | Lets Encrypt site2.exmample.com | 2 | site2.exmample.com |
| 22 | Lets Encrypt exmample.com | 4 | exmample.com |
| 22 | Lets Encrypt exmample.com | 4 | site3.exmample.com |
+----+-------------------------------------+--------+------------------------+

*I will refrain from further testing. Because it will have the number of regulations that can be created within one week of Let's Encrypt.