SSL Error with Multiple domains

Hi guys,

I’m setting up a new website with multiple canonical domains, one for each language via Polylang. Both the domains are pointed to the droplet’s IP(DO).

Everything is working fine for the .com domain. However, the .de receives an SSL error. “Your connection is not private”. I believe the browser is receiving the .com certificate for the .de domain?

It’s the last thing standing in the way of getting the site live. Any experiences with this issue would be great.


Tried reprovisioning, no errors.
Tried reprovisioning, with --wordpress and --letsencrypt flags, no errors.

@jankups Perhaps you first provisioned (with LE enabled) with only the .com in your list of site_hosts, then provisioned again later after adding the .de. If so, note that Trellis does not yet recreate the SSL cert if you alter the site_hosts. This will be fixed by roots/trellis#630 (needs reviewers and testers) or something similar.

Could you verify that your cert covers the .de? SSH in to the remote, then:

sudo grep -i /etc/nginx/ssl/letsencrypt/

The script calls, together printing the domain names into the cert file, so the cert file should begin roughly like this:

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying verified!
Verifying verified!
Verifying verified!
Signing certificate...
Certificate signed!

If the .de domain is missing from the cert file, try this (workaround till roots/trellis#630 is merged):

  • delete the CSRs in /var/lib/letsencrypt/csrs
  • delete the certs in /etc/nginx/ssl/letsencrypt
  • run ansible-playbook server.yml -e env=production --tags letsencrypt
  • clear browser cache and visit the .de to see if its cert works properly

Your intuition was right. I have added the .de domain to the host list after provisioning.

The .de domain was not included in cert. I have followed the steps to delete the CSRs/certs and re-run the playbook with the letsencrypt tag. It worked straight away.

Thanks a million @fullyint !

1 Like