SSL Error with Multiple domains

Hi guys,

I’m setting up a new website with multiple canonical domains, one for each language via Polylang. Both domains are pointed to the droplet’s IP (DO).

Everything is working fine for the .com domain. However, the .de receives an SSL error: “Your connection is not private”. I believe the browser is receiving the .com certificate for the .de domain?

It’s the last thing standing in the way of getting the site live. Any experiences with this issue would be great.

Thanks!
Jan

Edit:
Tried reprovisioning, no errors.
Tried reprovisioning, with --wordpress and --letsencrypt flags, no errors.

@jankups Perhaps you first provisioned (with LE enabled) with only the .com in your list of site_hosts, then provisioned again later after adding the .de. If so, note that Trellis does not yet recreate the SSL cert if you alter the site_hosts. This will be fixed by roots/trellis#630 (needs reviewers and testers) or something similar.

Could you verify that your cert covers the .de? SSH in to the remote, then:

sudo grep -i backpackkit.de /etc/nginx/ssl/letsencrypt/backpackkit.com-bundled.cert

The renew-certs.py script calls acme_tiny.py, together printing the domain names into the cert file, so the cert file should begin roughly like this:

Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying backpackkit.com...
backpackkit.com verified!
Verifying www.backpackkit.com...
www.backpackkit.com verified!
Verifying backpackkit.de...
backpackkit.de verified!
Signing certificate...
Certificate signed!
-----BEGIN CERTIFICATE-----

If the .de domain is missing from the cert file, try this (workaround till roots/trellis#630 is merged):

  • delete the CSRs in /var/lib/letsencrypt/csrs
  • delete the certs in /etc/nginx/ssl/letsencrypt
  • run ansible-playbook server.yml -e env=production --tags letsencrypt
  • clear browser cache and visit the .de to see if its cert works properly
2 Likes
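
The check from the post above, extended to a whole list of expected hosts at once (an added example, not part of the original thread or of Trellis): it reads the acme-tiny log at the top of the bundled cert file and prints every expected host that was never verified. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Trellis code. Assumes the cert file starts with the
# acme-tiny log shown in the thread, followed by the PEM certificate.

# verified_hosts FILE: print the host from every "<host> verified!" line
# that appears before the first PEM block.
verified_hosts() {
    sed -n -e '/^-----BEGIN CERTIFICATE-----/q' \
           -e 's/^\(.*\) verified!$/\1/p' "$1"
}

# missing_hosts FILE HOST...: print each HOST the log does not list.
# grep -Fx compares whole lines literally, so "backpackkit.de" is not
# satisfied by "www.backpackkit.de" and "." is not a regex wildcard.
missing_hosts() {
    file=$1
    shift
    verified=$(verified_hosts "$file")
    for host in "$@"; do
        printf '%s\n' "$verified" | grep -Fxiq -- "$host" ||
            printf '%s\n' "$host"
    done
}

# Constructed sample: a cert file issued before the .de host was added.
sample_header() {
    cat <<'EOF'
Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying backpackkit.com...
backpackkit.com verified!
Verifying www.backpackkit.com...
www.backpackkit.com verified!
Signing certificate...
Certificate signed!
-----BEGIN CERTIFICATE-----
(constructed placeholder, not certificate data)
EOF
}

# Demo on the sample; on the server, pass the bundled cert path instead.
tmp=$(mktemp)
sample_header > "$tmp"
missing_hosts "$tmp" backpackkit.com www.backpackkit.com backpackkit.de
rm -f "$tmp"
```

The header is log output written at issuance; the certificate's subjectAltName extension remains the authoritative list of the names it covers.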

Your intuition was right. I have added the .de domain to the host list after provisioning.

The .de domain was not included in the cert. I have followed the steps to delete the CSRs/certs and re-run the playbook with the letsencrypt tag. It worked straight away.

Thanks a million @fullyint!

1 Like