[Solved] problems installing ssl certificate in subdomain

[retrope]

Hi! I have a configuration problem for an ssl certificate in the subdomain (smoothjazz.fmlima.com) the other subdomains that I have seem to work fine, however this subdomain cannot obtain the ssl certificate. Could you help me and configure it for the main domain (fmlima.com) and the sub-domains?

Thank you so much!

[Luigi123]

Add this code in the .htaccess file or create one inside the public_html folder if you don’t have one yet. That way it will force users automatically to use https.

 

RewriteEngine On

RewriteCond %{HTTPS} !=on

RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$

RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

 

SSL certificates have already been issued to other subdomains as I just check on my end but they aren’t forcing it. So with the code above, this will help to solve your issue a lot quicker.

[retrope]

I have followed the steps indicated, but unfortunately it has not worked. I can't get the subdomain (smoothjazz.fmlima.com) to get ssl certificate. The others if they work well. what else could i do?

Edited February 18, 2021 by retrope

[Luigi123]

When did you create the subdomains?

 

If it was today, then this usually takes a bit of time like an hour or so for auto ssl to get effective to each of your subdomains and after that, you shouldn’t see any more issues.

[retrope]

When did you create the subdomains?

 

If it was today, then this usually takes a bit of time like an hour or so for auto ssl to get effective to each of your subdomains and after that, you shouldn’t see any more issues.

I created the subdomain yesterday, Feb. 16. It is very strange, since it does not work only for that subdomain. the others if they work with your certificate. any solution?

 

[Luigi123]

Weird, I’ve never had any problems with one of my subdomains before when I used to host a live website, but not sure why that domain doesn't seem to be friendly with the auto ssl feature but others are working fine.

 

Can you try to remove that subdomain and recreate it again just so the ssl can refresh itself to make it work fully functional? Don’t worry, it won’t delete the files in your subdomain folder but I recommend doing a backup first just in case.

[wolstech]

10:50:03 AM Analyzing “smoothjazz.fmlima.com” …
 10:50:03 AM ERROR TLS Status: Defective
 Certificate expiry: 9/6/35, 3:01 AM UTC (5,312.47 days from now)
 ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:10:CERT_HAS_EXPIRED).
 ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (1:19:SELF_SIGNED_CERT_IN_CHAIN).
 ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (1:10:CERT_HAS_EXPIRED).
 Impediment: CERTIFICATE_IS_EXTERNALLY_SIGNED: The certificate is neither self-signed nor from AutoSSL.

You installed an origin certificate from Cloudflare which broke it. I deleted CF's certificate and re-ran it, it should work now:

 10:56:01 AM The system will attempt to renew the SSL certificate for the website (smoothjazz.fmlima.com: smoothjazz.fmlima.com www.smoothjazz.fmlima.com).
 10:56:04 AM The cPanel Store received “smoothjazz.fmlima.com”’s certificate order. (Order Item ID: 1119463613) The system will periodically poll the cPanel Store for the issued certificate and then install it after a successful retrieval.
 The system has completed “retrope”’s AutoSSL check.

[Luigi123]

That’s what I’m about to say too! I remember we have this issue with another user and we told him to remove the cloudflare ssl from Tommy because both SSL are not getting along with each other and the best way to fix this is to remove cloudflare ssl and just run Tommy’s autossl instead.

[wolstech]

Yeah, this was a classic Cloudfaile  There's a reason we don't recommend CF.

 

His issue here though was that he was trying to use a CF origin certificate without CF, which won't work. I just deleted the CF origin cert and told the server to get him one from AutoSSL.

 

EDIT: I'm still waiting on Apache to restart for this to finish installing.

Edited February 18, 2021 by wolstech

[retrope]

Yeah, this was a classic Cloudfaile

 

There's a reason we don't recommend CF.

hi! thanks for your support. I will tell you to delete the subdomain and recreate it, I did this before reading your comments. I hope it is resolved, I will wait at least an hour to see if everything is in accordance with the certificate of the subdomain, I will wait and report the result soon.

 

[wolstech]

I just edited my post as you were typing

 

I'm waiting on Apache to restart, but I did check and the AutoSSL cert is showing as installed for that domain...just got to give it some time I think.

[retrope]

Thanks! The certificate issue for the subdomain has been resolved successfully. I remember the cloudflare certificate, however it has been eliminated a long time ago, I suppose that some codes were left in the hosting. I understand about cloudflare, thank you so much! (topic closed for me)

 

[Luigi123]

Great!

 

Let us know if you need anything else and we will do our best to assist you