Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
DNS A record not redirect to public static IP. Already 4 days ago i was create A record but not working Question Question
Certbot nginx plugin could not open file Question Question

Question

Let's Encrypt subdomain configuration best way

Posted April 4, 2016 11.9k views
DebianDNSLet's Encrypt

Hi all,

I have multiple machine and a reverse proxy to route web request to good server.

Machine 1 : zeus.mydomain.fr
Machine 2 : cloud.mydomain.fr

I want to secure web server by using Let’s Encrypt free certificat.

Can I ask certificats for zeus.mydomain.fr and cloud.mydomain.fr or have I to define two subdomains to my domain provider and generate certificats for zeus.mydomain.fr/www.zeus.mydomain.fr and cloud.mydomain.fr/www.cloud.mydomain.fr

Thanks for your help

Add a comment
TomFr
By:
TomFr

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
DNS A record not redirect to public static IP. Already 4 days ago i was create A record but not working Question Question
Certbot nginx plugin could not open file Question Question
Add a comment
1 comment
  • fahadsnafee May 25, 2016
    Reply Report

    <VirtualHost example.com:443>
    ServerName www.example.com
    DocumentRoot /var/www/html/
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    </VirtualHost>

    This has been written by you to select a specific SSL Certification for each servername

    below sub domain

    <VirtualHost example.com:443>
    ServerName example.example.com
    DocumentRoot /var/www/exampletext/public_html/
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.example.com/privkey.pem
    </VirtualHost>

    this is my httpd.conf if access my domain fihad.com:443 or fourm.fihad.com:443 you’ll see main and sub got their certification

    you can simple just generate a certification using certbot-auto for that sub domain then just put the path to that certfile for sub

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
mragusa April 5, 2016

Hello,

In order to use SSL for both hostnames, you will need to generate one certificate per hostname but you can use the SAN field in the SSL certificates to define the www alias.

Please let us know if there is anything else we can help you with.

Best,
Mike
DigitalOcean Support
Check out our community for great tutorials, articles and FAQs!
https://digitalocean.com/community

Reply Report
  • dgbau May 22, 2016

    Hi Mike, I am having trouble with this too, my main domain is working fine, but the www is throwing warnings in the browser (and it says its registered to bing??) at first, the main domain worked, then I added another cert for www, that messed things up and both threw errors. I then revoked the www cert, and created a new cert with both man and www and opted to “expand” and replace old certs, now main domain works fine but www is throwing errors.

    domain is dctrl.net

    any help would be much appreciated!

    ps how do I not get spamblocked? I tried to post this question on the community twice, and got spam smackdowned both times.

    Reply Report
TomFr April 5, 2016

Hello mragusa,

thanks for your answer. I’m not sure to understand your answer. If I understand, I can generate with Let’s Encrypt a certificat for both hostnames?

Thanks

Reply Report

Related

Looking for something else?

Ask a new question Search for more help