1Answer

Subdomain is on different EC2 instance, SSL is giving “Your connection is not private” error

16.5k Views

8

1 Answer

I have example.com, test.example.com and example.org.

example.com and example.org are hosted on 2 different EC2 instances. I want example.org content to be shown at test.example.com.

This is what I have done -

Installed letsencrypt ssl certificate for data.example.com (earlier only example.com and example.org had SSL vie LE).
Added A record of example.org IP in the DNS of example.com so test.example.com now points to example.org IP.

Now when I open https://test.example.com, it is showing "your connection is not private" error. What am I doing wrong?

1

Bedi Mclennan Aug 16,2020

i think you mistiped some example.org ...

0

Caroline Millar

Caroline Millar Added an answer on Aug 16,2020

You need a certificate signed for the domain you're using it on.

If http://test.example.org is using example.com's SSL certificate, then yes, this is not OK and every browser will complain about it.

In your web server, you should set up a virtual host with its own SSL certificate for every domain server that needs one.

Look for the files in /etc/apache2/sites-available that correspond to each domain and make sure that:

The configuration file corresponds to an SSL site (i.e. uses port 443 and sets SSL certificates properties for this site)
Each site is configured to use its corresponding SSL certificate
There's a symbolic link in /etc/apache2/sites-enabled pointing to the configuration file on sites-available
You've restarted Apache after making any modification to these files

Reply

2

Vadimka Baluyants Aug 16,2020

Hi, I already created a virtual host file. I can access test.example.com but can't access test.example.com. I added A record with "test" as host and value as server IP, but test.example.com is showing content of example.com. Here is my vhost file for test.example.com, do I need to edit it for ssl? pastebin.com/wmLG0E2w

2

Caroline Millar Aug 16,2020

That file is for http, not https. Look at /etc/apache2/sites-available/default-ssl or some similar file to get how it has to be configured. Mine is at pastebin.com/yqhVqRu9

2

Vadimka Baluyants Aug 16,2020

I have default-ssl.conf in sites-available and homer-le-ssl.conf in sites-enabled which has following data pastebin.com/xp4fp8Xt. But I have read that I shouldn't edit sites-enabled file, so how to enter ssl details for test.example.com?

Caroline Millar Aug 16,2020

Yo have to use different SSL certificates for every domain/site. Check your configuration in that homer-le-ssl.conf file. site-enabled dir files are usually symbolic links to files in sites-available directory - that way it gets very easy to enable or disable sites, by just creating and deleting symbolic links and restarting Apache.