Question

How to add an SSL Certificate to a non toplevel domain managed by digitalocean nameservers ?

Posted March 19, 2020 520 views
DigitalOcean Managed Load Balancers

Hi,

My scenario is as followed. I do own a toplevel domain (example.com will do as an example). This is currently managed by Amazon Route 53.

On Route53 i configured a subdomain (app.example.com) to be managed by digitalocean nameservers.

This subdomain is then routed by a digitalocean loadbalancer to two droplets. This is working fine.

Now i would love to add a SSL certificate to this setup. Ideally managed automatically by digitalocean/let’s encrypt.

But i cannot configure this subdomain to use with the SSL certificate. The frontend insists to have a toplevel domain.

Is there a way to make my setup working ? Moving the whole TLD to digitalocean is not possible at the moment.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
3 answers

Hey @stijink,

I think that this might not be doable as of the time being. I would recommend checking the answer here:

https://www.digitalocean.com/community/questions/do-loadbalancer-won-t-add-lets-encrypt-cert-for-subdomain-that-do-is-managing?answer=49882

The best thing to do to get your voice heard regarding this would be to head over to our Product Ideas board and post a new idea, including as much information as possible for what you’d like to see implemented.

https://ideas.digitalocean.com/

Hope that helps!
- Bobby.

Hi,

I would recommend just moving your DNS management over to DigitalOcean, it is a free service that they offer, compared to Amazon Route 53 which could be super costly.

I’ve had situations where Amazon Route 53 was the most expensive thing on my AWS bill.

Hi,

thank you for your replies. Our current infrastructure is quite large, so we cannot just move the whole DNS management over at once. My approach with this was to migrate one part after another to digitalocean.

Maybe i have to setup a dedicated loadbalancer (on a droplet) then until things change.

Submit an Answer