Let's Encrypt subdomain configuration best way

April 4, 2016 7.3k views
Let's Encrypt DNS Debian
TomFr
By:
TomFr

Hi all,

I have multiple machine and a reverse proxy to route web request to good server.

Machine 1 : zeus.mydomain.fr
Machine 2 : cloud.mydomain.fr

I want to secure web server by using Let’s Encrypt free certificat.

Can I ask certificats for zeus.mydomain.fr and cloud.mydomain.fr or have I to define two subdomains to my domain provider and generate certificats for zeus.mydomain.fr/www.zeus.mydomain.fr and cloud.mydomain.fr/www.cloud.mydomain.fr

Thanks for your help

1 comment
  • fahadsnafee May 25, 2016

    <VirtualHost example.com:443>
    ServerName www.example.com
    DocumentRoot /var/www/html/
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    </VirtualHost>

    This has been written by you to select a specific SSL Certification for each servername below sub domain

    <VirtualHost example.com:443>
    ServerName example.example.com
    DocumentRoot /var/www/exampletext/public_html/
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.example.com/privkey.pem
    </VirtualHost>

    this is my httpd.conf if access my domain fihad.com:443 or fourm.fihad.com:443 you’ll see main and sub got their certification

    you can simple just generate a certification using certbot-auto for that sub domain then just put the path to that certfile for sub

Log In to Comment
2 Answers
mragusa April 5, 2016

Hello,

In order to use SSL for both hostnames, you will need to generate one certificate per hostname but you can use the SAN field in the SSL certificates to define the www alias.

Please let us know if there is anything else we can help you with.

Best,
Mike
DigitalOcean Support
Check out our community for great tutorials, articles and FAQs!
https://digitalocean.com/community

Reply
  • dgbau May 22, 2016

    Hi Mike, I am having trouble with this too, my main domain is working fine, but the www is throwing warnings in the browser (and it says its registered to bing??) at first, the main domain worked, then I added another cert for www, that messed things up and both threw errors. I then revoked the www cert, and created a new cert with both man and www and opted to “expand” and replace old certs, now main domain works fine but www is throwing errors.

    domain is dctrl.net

    any help would be much appreciated!

    ps how do I not get spamblocked? I tried to post this question on the community twice, and got spam smackdowned both times.

TomFr April 5, 2016

Hello mragusa,

thanks for your answer. I’m not sure to understand your answer. If I understand, I can generate with Let’s Encrypt a certificat for both hostnames?

Thanks

Reply
Have another answer? Share your knowledge.

Related Questions