Configure subdomain for wordpress testing


I have a domain with a wordpress (WP) installation working and public with Nginx web server. Now I was trying to set up a testing environment by using a subdomain
I have added a CNAME entry in Cloudflare. I attach a screenshot of it. The IPs seen are from my raspberrypi4 (RP4) at home.

Then in the RP4 I have one Wordpress installation for the domain and the subdomain. In the domain I have the let’s encrypt certificate working, then when I want to configure the certificate for the subdomain the certbot complains saying I already have a certificate for the main domain.

The root domain WP installation works well but when I try to access the subdomain WP installation I get the error: “This site can’t be reached” “ERR_NAME_NOT_RESOLVED”

My questions are how do I have to configure the Cloudflare and then how do I have to configure the Nginx for supporting the certificates? do I need one for each subdomain and for root domain? or I can use the root domain one for all subdomains?

can you give me a hand with this?


May I ask if you’re having the same content on t1 and naked non-www/www domain or different one?

I’d rather use A type for t1 sub-domain and point it to the IP address.

Therefore, having separate .vhost files in Nginx for multiple different domains/sub-domains should work.

Due to the error you got in your Web browser, maybe the DNS didn’t propagate so fast at first time.
May I ask have you tried using a different Web browser, or tried clearing your Web browser cache?
How about using a Private window (Incognito mode) or a VPN connection if possible?
Is it the same behaviour on your mobile phone (4G LTE, mobile data, cellular)?

I guess it’s because you’re using a CNAME which points to your naked-domain, and the request in the background results in some, I guess, redirection to the domain which as you state, certbot says alrady is having a valid SSL certificate since you’ve used a command before to issue it for naked and www domain.

In your conf file you’re pointing to the SSL certificate of naked-domain and www, which doesn’t cover your t1 sub-domain in the “alternative names” of it.

I remember I was using multiple domains, naked and other sub-domains on the same SSL certificate (SNI) where there was one common and other alternative names visible and a valid for all fo them. You can keep it like that, if it’s easier for you to manage.

For a hostname → Cloudflare proxy :orange: mode won’t work.

The issue you would experience is described at the article from below, therefore if you’d like to use a “deep-level” sub-domain you can do it with Advanced Certificate Manager because Cloudflare’s Universal SSL covers only 1st level of a sub-domain like and proxy :orange: mode will work for it (just not for www.t1):

Hi, thanks for your quick reply.

I’ve tried to access to the with a private window and with the mobile phone 5G connection and it works. However, there are two problems:

  1. the connection can be established with but not with I suppose it’s because the CNAME is not including this later case. But I don’t know what’s my CNAME doing and why it is working. From what I know a CNAME for example of:
    CNAME | food.web-server | eat.web-server, hungry.web-server would resolve these two names into the food.web-server. But I don’t get what’s the point of resolving to t1 …
    I guess it’s not usual to use a but instead one just uses,,, etc.

being said this, I say I’d have to substitute the CNAME that I have for an A register with:
A | www | 207.188.x.y

  1. the certificate is invalid because the subdomain was not included at the moment of creating the certificate but what I want is to have another certificate for the subdomain. The certbot command complains. Can this be solved by just correcting the DNS entries and using the A register instead of the CNAME that I have?

In he RP4 there are a couple more of websites with their own domain and their own certificates so I guess the SNI is working correctly.


I could solve it in the following way:

substitute the CNAME register by an A register with the IP of the RP4
run the certbot command but specifying only the subdomain:
sudo certbot certonly -a webroot --webroot-path=/var/www/ -d
sudo openssl dhparam -out /etc/ssl/certs/dhparam-t1.datawebpro.pem 2048

then modify accordingly the .conf of the nginx

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.