Multisite Let's Encrypt not working for me for mapped domains

Hi all!

I’m trying to activate HTTPS on all the domains I have in my multisite installation, but it is not working for me.
My group_vars/production/wordpress_sites.yml is:

      enabled: true
      subdomains: true
      enabled: true
      provider: letsencrypt

And the nginx configuration and Let’s Encrypt settings seem to be created properly (no errors), but HTTPS only works for the main domain.

For the other one, which is really a mapped domain for the subdomain lasrecetasdeguada.juanmaguitar.com, it doesn’t work. It seems that the certificate is not created properly for this second domain.

The thing is that after provisioning, when I access to it redirects me to with the proper certificate and everything works fine.

But when I access to it redirects me to without a proper certificate, so I get an error (insecure page or something like that). I can add an exception to the HTTPS error, but then the images (Amazon S3) don’t work properly (mixed protocols or something).

Is there anything else I should take into account?? Any ideas?

Thanks in advance!!

Solved on my own!!

The certificate wasn’t being properly created for different domains, so the solution for me was creating them manually.

1- Cloning the Let’s Encrypt tools in a temporary folder

git clone
$ cd letsencrypt

2- Once inside the folder we can create the certificates for several domains by doing (in my case)

(we need to stop nginx server first)

sudo service nginx stop

./letsencrypt-auto certonly -a standalone -d,,,

3- The certificates (valid for all these domains) are created at /etc/letsencrypt/live/, so the only thing left is replacing them in the proper .conf used by nginx

ssl_certificate  /etc/letsencrypt/live/<our-domain>/fullchain.pem;
ssl_certificate_key  /etc/letsencrypt/live/<our-domain>/privkey.pem;

And finally we restart the nginx server by doing

sudo service nginx start

And that’s it! :)
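An added example, not part of the original post: before pointing nginx at a certificate, confirm that it really covers every mapped domain. The hostnames and the throwaway self-signed certificate are constructed for the demo; on a server you would pass /etc/letsencrypt/live/<our-domain>/fullchain.pem and your own domains.

```shell
#!/bin/sh
# Added example: report which hostnames a certificate does NOT cover.

# Print each domain (one per line) that the certificate fails to match.
# Usage: uncovered_domains <cert.pem> <domain>...
uncovered_domains() {
  cert=$1; shift
  for d in "$@"; do
    # -checkhost prints "Hostname X does match certificate"
    # or "Hostname X does NOT match certificate" for the leaf certificate.
    if ! openssl x509 -in "$cert" -noout -checkhost "$d" 2>/dev/null \
         | grep -q 'does match certificate'; then
      printf '%s\n' "$d"
    fi
  done
}

# Build a throwaway self-signed certificate so the check runs offline.
# Constructed data: it covers example.com and sub.example.com only.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1/privkey.pem" -out "$1/fullchain.pem" \
    -subj "/CN=example.com" \
    -addext "subjectAltName=DNS:example.com,DNS:sub.example.com" 2>/dev/null
}

# Demo: the mapped domain is missing from the certificate, so it is reported.
demo() {
  tmp=$(mktemp -d)
  make_sample_cert "$tmp"
  uncovered_domains "$tmp/fullchain.pem" \
    example.com sub.example.com mapped.example.net
  rm -rf "$tmp"
}

demo
```

Any hostname printed is one for which browsers will show a certificate error if nginx serves that certificate for it.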


So there’s no way to have this controlled by Trellis instead? Won’t this get overwritten next time the server is provisioned?