How to add an Lets encrypt certificate dynamically using CNAME verification?

Question

I have been working on a web app where users can create custom profiles of them and see it on their custom domain by adding an A record and CNAME record. If they have their profile on https://webapp.com/profile they can connect it with https://usercustomdomain.com/.

I’ve figured how to display the profile to the custom domain, but I its showing web page not secure. I tried to add SSL on that custom domain manually but then I have 2 problems:
1) Every time a user connects a domain I’ve to add a SSL manually.
2) It replaces the default website i.e. mywebapp.com 000-default-ssl.conf file in /etc/apache2/ to the users custom domain.

So, how do I lets encrypt add custom domain by verifying the cname automatically?

Appreciate your help!

Answer 1

bobbyiliev February 23, 2020

Hello,

If I understand this correctly, it sounds like that you need some kind of automation to create a new Nginx server block for each website, and then install the Let’s Encrypt SSL certificate for the new domain.

That way if you have a separate Nginx server block for each site, it would not override the content of your 000-default-ssl.conf config file.

Another option would be to ask your customers to use Cloudflare, that way you would not have to install Let’s Encrypt on your Droplet directly, but they would be able to use Cloudflare’s SSL certificates instead.

Hope that this helps!
Regards,
Bobby

Reply Report

Cybil February 24, 2020

Cloudflare seems a good option.
Just wanted to know, how does about.me adds a lets encrypt certificate on their domain mapping premium feature?
Any idea?
Reply Report
- bobbyiliev February 24, 2020
  
  Hi there @Cybil,
  
  I’ve not used about.me myself, but they probably have an automated system that verifies your domain name and issues a certificate. Then probably they use a proxy like HAproxy, Nginx or something similar to do the SSL termination.
  
  Regards,
  Bobby
  
  Reply Report
  
  Cybil February 24, 2020
  
  Thankyou so much Bobby!
  You’ve been of great help:D
  
  Reply Report
  
  bobbyiliev February 25, 2020
  
  Hi there @Cybil,
  
  No problem at all! Happy to help :)
  
  Regards,
  Bobby
  
  Reply Report
  
  Cybil June 1, 2020
  
  Hey, I am really in need for your help.
  I am working with a web app which provides custom domain for users. I want to set SSL for users domain using caddy as a reverse proxy.
  Can you please help me regarding this topic!!
  
  This is my problem
  Problem Link
  
  You can reply me here:
  https://www.digitalocean.com/community/questions/how-to-use-caddy-server-as-reverse-proxy-with-apache-2
  
  Appreciate your help!!
  
  Also the “How to install caddy on ubuntu 18 is outdated on DO”, Fortunately I had backup
  
  Reply Report
  
  bobbyiliev June 14, 2020
  
  Hi there @Cybil,
  
  It looks like the link to the question is no longer available. I hope that you’ve managed to get this all working at the end.
  
  Regards,
  Bobby
  
  Reply Report

Answer 2

Cybil February 24, 2020

Cloudflare seems a good option.
Just wanted to know, how does about.me adds a lets encrypt certificate on their domain mapping premium feature?
Any idea?
Reply Report
- bobbyiliev February 24, 2020
  
  Hi there @Cybil,
  
  I’ve not used about.me myself, but they probably have an automated system that verifies your domain name and issues a certificate. Then probably they use a proxy like HAproxy, Nginx or something similar to do the SSL termination.
  
  Regards,
  Bobby
  
  Reply Report
  
  Cybil February 24, 2020
  
  Thankyou so much Bobby!
  You’ve been of great help:D
  
  Reply Report
  
  bobbyiliev February 25, 2020
  
  Hi there @Cybil,
  
  No problem at all! Happy to help :)
  
  Regards,
  Bobby
  
  Reply Report
  
  Cybil June 1, 2020
  
  Hey, I am really in need for your help.
  I am working with a web app which provides custom domain for users. I want to set SSL for users domain using caddy as a reverse proxy.
  Can you please help me regarding this topic!!
  
  This is my problem
  Problem Link
  
  You can reply me here:
  https://www.digitalocean.com/community/questions/how-to-use-caddy-server-as-reverse-proxy-with-apache-2
  
  Appreciate your help!!
  
  Also the “How to install caddy on ubuntu 18 is outdated on DO”, Fortunately I had backup
  
  Reply Report
  
  bobbyiliev June 14, 2020
  
  Hi there @Cybil,
  
  It looks like the link to the question is no longer available. I hope that you’ve managed to get this all working at the end.
  
  Regards,
  Bobby
  
  Reply Report

Related

Question

How to add an Lets encrypt certificate dynamically using CNAME verification?

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

How to add an Lets encrypt certificate dynamically using CNAME verification?

Leave a comment

Related

question

How to solve Unable to query docker version: Cannot connect to the docker engine endpoint

question

Configuring virtual dev server - Apache question

question

How to enable gzip on Digitalocean Spaces?

question

I want to set up my Zip file on digital ocean server

Looking for something else?