DigitalOcean

Question

Adding alias domains with SSL to my website

I recently registered a new domain that I’d like to add as an alias to my website. I’ve added the new domain to my project but I’m a little confused as to how to configure it as an alias.

I added a CNAME record for the new domain that points to the current domain, as per this article. However, when I access the new domain, my browser returns an “ERR_CERT_COMMON_NAME_INVALID” error. I assume this means that a valid SSL certificate needs to be added for the new domain.

Does this mean that I need to add a Let’s Encrypt SSL certificate for the new domain, like I did for the old one when I created the site? Or do I replace the site’s existing Let’s Encrypt certificate with a brand new one that includes both domains?

FWIW, my droplet is running Ubuntu 20.04 and uses Apache.

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev
Site Moderator
Site Moderator badge
December 28, 2023
Accepted Answer

Hi there!

Let’s start by identifying the root cause. The ERR_CERT_COMMON_NAME_INVALID error indicates a mismatch between your SSL certificate and the new domain. It’s essential to ensure that your SSL certificate acknowledges your new domain, similar to adding an authorized guest to an exclusive list.

Configuring Apache for the New Domain Alias: Now, let’s focus on updating your Apache configuration to recognize the new domain:

  1. Access your Apache virtual host configuration file, typically located at /etc/apache2/sites-available/your-config-file.conf.

  2. Within this file, locate the ServerName directive, which specifies your primary domain. Directly beneath it, insert ServerAlias your-new-domain.com. This directive instructs Apache to treat requests for your new domain as if they were for the primary domain.

  3. Save your modifications and exit the editor. This step integrates your new domain into the Apache configuration.

Testing Configuration and Restarting Apache: It’s crucial to validate the changes and ensure Apache is running smoothly:

  1. Execute sudo apache2ctl configtest. This command performs a syntax check of your Apache configuration files. A “Syntax OK” message indicates that the configuration is error-free.

  2. Provided the configuration test passes, proceed to restart Apache using sudo systemctl restart apache2. This action applies the new configuration settings.

Expanding the SSL Certificate with Certbot: The final step involves updating your SSL certificate to include the new domain:

  1. Run the command sudo certbot --expand -d existingdomain.com -d newdomain.com. This instructs Certbot to update your existing SSL certificate to cover the new domain.

  2. Follow the on-screen prompts provided by Certbot to complete the process.

  3. Upon completion, your SSL certificate should now encompass your new domain, ensuring secure connections.

Let me know how it goes!

Best,

Bobby

KFSys
Site Moderator
Site Moderator badge
December 28, 2023

Heya,

Here’s what you need to do:

  1. Update SSL Certificate for Both Domains: You don’t necessarily need to replace your existing SSL certificate; you can update it to include the new domain. This process involves generating a new certificate that covers both your original domain and the new alias.

  2. Using Let’s Encrypt for Multiple Domains: Since you’re already using Let’s Encrypt, you can use it to generate a certificate that covers both domains. This is done using the certbot command with both domains specified.

Here’s a step-by-step guide:

Step 1: Update Apache Configuration

  • Ensure that your Apache configuration for the site includes the new domain as a ServerAlias.
  • For example, in your site’s configuration file (/etc/apache2/sites-available/your-site.conf), add:
ServerAlias newdomain.com

Step 2: Generate a New SSL Certificate

  • Run Certbot with both domains specified. The command would look something like this:
sudo certbot --apache -d existingdomain.com -d newdomain.com
  • This command tells Certbot to obtain a certificate that covers both your original domain and the new one.
  • Follow the prompts to complete the process.

Step 3: Verify Apache Configuration

  • After obtaining the certificate, Certbot usually updates the Apache configuration automatically. However, it’s good practice to check.
  • Ensure the SSLCertificateFile and SSLCertificateKeyFile directives in your Apache configuration are pointing to the new certificate files.

Step 4: Restart Apache

  • Once everything is set up, restart Apache to apply the changes:
sudo systemctl restart apache2

Step 5: Test Your Configuration

  • After restarting Apache, test both the original and new domains in your web browser to ensure they are serving over HTTPS without errors.
  • You can also use an SSL checker online to verify that both domains are covered by the SSL certificate.

Remember, every time you renew your SSL certificate with Let’s Encrypt, both domains will be included. It’s essential to keep your SSL certificates up to date to avoid any security warnings or accessibility issues with your site.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Sign up

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Learn more

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Learn more

Featured on Community
Kubernetes CourseLearn Python 3Machine Learning in PythonGetting started with GoIntro to Kubernetes
DigitalOcean Products
CloudwaysVirtual MachinesManaged DatabasesManaged KubernetesBlock StorageObject StorageMarketplaceVPCLoad Balancers
Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel
© 2024 DigitalOcean, LLC.Sitemap.