Hello. I have a big problem with SSL. Today Let’s encrypt don’t renew my domains. One of them is a subdomain of linkpc.net and the log says “too many certificates already issued for: linkpc.net”.
So i need the certificate of another certifier. I think that https://zerossl.com is a good option, but in the second step the web tell me that i have to put a file in this
.well-known/acme-challenge/
¿Where is this directory? ¿Where can i put the file?
Regards.
Check your /etc/nginx/conf.d/local.conf file and see (around line 36) this location is aliased as follows:
location /.well-known/acme-challenge/ {
# This path must be served over HTTP for ACME domain validation.
# We map this to a special path where our TLS cert provisioning
# tool knows to store challenge response files.
alias /home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/;
}
Then, the real location you asked for is:
/home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/
Pffff… doesn’t work.
In /home/user-data/ssl/lets_encrypt/webroot/ there is no folders called .well-known
Yes… is a hidden folder because it begins with a dot. But there is no hidden folders with that name.
So i create manually the following folder
/home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge
But if i put something in it, i can’t see it in https://mydomain/.well-known/acme-challenge.
I’m very worried about this.
Ok. Now i have a certificate manually installed in the admin panel. I see in two of my 5 domains this text.
Signed & valid. The certificate expires in 89 days on 01/22/19.
If i enter to the webpage i don’t see error and the certificate is valid.
But if I use imap the error remains. The imap server is one that i renew the certificate. have I to put the certificate in another place?
I see… the imap server that i configure is mydomain.com but the certificate that mail-in-a-box is taking is box.mydomain.com
¿Can i change this certificate? I have two differents certificates for domain.com and for box.domain.com
OK. I think that i need only one csr to generate only one certificate for all domains, instead of one certificate for each domain.
¿How can i do it?