How to use Let's Encrypt for Aliasdomain?

Discussion in 'Installation/Configuration' started by AxelssonDesign, Jun 2, 2017.

  1. Hello,
    I set up the site tonaspil.is under Sites and I'm using the Aliasdomain ton.zix.is for development.
    When I choose Let's Encrypt, the certificate is not set up correctly. Do I need to set something up in DNS or use another method?
    How do I fix this?
     
  2. till (Super Moderator, Staff Member, ISPConfig Developer)

    The letsencrypt cert contains the alias domain automatically. You just have to ensure that the alias domain already points in DNS to the same IP as the main IP of the website before you add the alias domain to the website.
     
  3. @till - thanks for the answer.
    I added an A record in DNS ton>ip-address
    I deleted the aliasdomain and made a new one, still not working.
     
  4. till

    Look at the letsencrypt log, there you can see why it failed.
     
  5. @till - thanks for the answer.
    In the letsencrypt log I get this message:
    Code:
    2017-06-02 15:58:06,553:DEBUG:certbot.cert_manager:Renewal conf file /etc/letsencrypt/renewal/powaer.com.conf is broken. Skipping.
    2017-06-02 15:58:06,554:DEBUG:certbot.cert_manager:Traceback was:
    Traceback (most recent call last):
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/cert_manager.py", line 246, in _search_lineages
        candidate_lineage = storage.RenewableCert(renewal_file, cli_config)
      File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/storage.py", line 382, in __init__
        "file reference".format(self.configfile))
    CertStorageError: renewal config file {} is missing a required file reference
    
    Also not sure how to set it up.
    DNS: A record ton>ip . . . zix.is is working with LE and SSL/LE set > aliasdomain set ton.zix.is > tonspil.is. I'm not sure if I mark SSL/LE here?
     
  6. till

    The messages that you posted are about a different SSL cert. Search in the log for the domain name of the website.
     
  7. till

    Aliasdomains do not have an SSL checkbox; they belong to the website and use the SSL cert and settings of the main website. Or are you mixing up aliasdomains and vhost aliasdomains here?
     
  8. @till - . . . tonspil.is is still hosted at the customer's old ISP . . . I want to set up ton.zix.is for development and the domain will move to me later . . . in ISPConfig under "Websites" I have two sites, tonspil.is and zix.is, and under "Aliasdomain for website" I have ton.zix.is pointing to tonspil.is.

    Also not sure where to look for the log, and whether you are talking about the log for tonspil.is or zix.is?
     
  9. till

    Let's Encrypt requires that the domain that you want to enable it for is already pointing to the server, as Let's Encrypt tries to reach it there. If it can't reach it, no SSL cert is created for that domain, and if the domain is the main domain of the site, then the SSL cert will probably fail completely, even for the alias domain. You should consider creating a self-signed SSL cert for the site until you move it to the server.
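
Added example, not part of the original thread and not ISPConfig's own code: a Python pre-check that resolves the website's main domain and each alias domain and compares the result with the server's addresses, which is the condition the replies above describe. The server address, the DNS table and the helper names `preflight`, `verdict` and `sample_resolver` are assumptions made for illustration.

```python
import socket

def resolve(name):
    """Return the set of addresses (A and AAAA) that `name` resolves to."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def preflight(main_domain, aliases, server_ips, resolver=resolve):
    """Classify every name that would be put into the certificate request."""
    server_ips = set(server_ips)
    report = {}
    for name in [main_domain, *aliases]:
        addrs = set(resolver(name))
        if not addrs:
            status = "unresolved"   # no DNS record yet
        elif addrs <= server_ips:
            status = "ok"           # every address is this server
        elif addrs & server_ips:
            status = "mixed"        # validation may reach another host
        else:
            status = "elsewhere"    # still hosted somewhere else
        report[name] = (status, sorted(addrs))
    return report

def verdict(report, main_domain):
    """Summarise the report following the behaviour described in the thread."""
    failing = [n for n, (status, _) in report.items() if status != "ok"]
    if main_domain in failing:
        return "main-domain-blocked"  # request will probably fail entirely
    return "aliases-at-risk" if failing else "ready"

# Constructed sample data (RFC 5737 documentation addresses, not real records).
SERVER_IPS = {"203.0.113.10"}
SAMPLE_DNS = {
    "tonspil.is": {"198.51.100.7"},   # still at the old provider
    "zix.is": {"203.0.113.10"},
    "ton.zix.is": {"203.0.113.10"},
}

def sample_resolver(name):
    return SAMPLE_DNS.get(name, set())

if __name__ == "__main__":
    rep = preflight("tonspil.is", ["ton.zix.is"], SERVER_IPS, sample_resolver)
    for name, (status, addrs) in rep.items():
        print(f"{name:12} {status:10} {', '.join(addrs) or '-'}")
    print(verdict(rep, "tonspil.is"))
```

On a real server, call `preflight` without the `resolver` argument and pass the server's own public addresses as `server_ips`.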
     
