LetsEncrypt SSL cert for subdomain only

Question

The nameserver for my base domain is Google, which I’d like to keep to handle my product website & email. I’ve added the DigitalOcean NS entries for my subdomain app. This all resolves fine.

However, I’m trying to create an SSL cert in the DO panel, and it fails to recognize my subdomain (app.domain.com) for the cert without using the primary domain (domain.com) which won’t work because it’s on Google.

Is there a way to create a cert in DO panel for just a subdomain or will I need to create one manually?

Answer 1

KFSys March 11, 2021

Hi @kdumont,

If you are using a standard Droplet, you should be able to install certbot from inside of it.

How does it work?

Point the subdomain’s A record to your Droplet
SSH to your Droplet
Make sure you have a WebService like Nginx or Apache

Nginx
To install certbot and it’s Nginx plugin you can execute the following command on your Droplet:

sudo apt install certbot python3-certbot-nginx

Apache

To install certbot and it’s Apache plugin you can execute the following command on your Droplet:

sudo apt install certbot python3-certbot-apache

Obtaining an SSL Certificate

Certbot provides a variety of ways to obtain SSL certificates through plugins. The Nginx plugin will take care of reconfiguring Nginx and reloading the config whenever necessary. To use this plugin, type the following:

Nginx

sudo certbot --nginx -d example.com -d www.example.com

Apache

certbot --apache

That should be it.

Regards,
KFSys

Reply Report

kdumont March 11, 2021

@KFSys thanks for the reply! I failed to mention I am also using a load balancer. Is it simple to use the same cert on the load balancer or should I use ssl passthrough?
Reply Report
- KFSys March 15, 2021
  
  Hi @kdumont,
  
  I believe you should be using ssl passthrough in this case.
  
  Unless you create the same certificate on both Load Balancers.
  
  Reply Report

Answer 2

kdumont March 11, 2021

@KFSys thanks for the reply! I failed to mention I am also using a load balancer. Is it simple to use the same cert on the load balancer or should I use ssl passthrough?
Reply Report
- KFSys March 15, 2021
  
  Hi @kdumont,
  
  I believe you should be using ssl passthrough in this case.
  
  Unless you create the same certificate on both Load Balancers.
  
  Reply Report

Related

Question

LetsEncrypt SSL cert for subdomain only

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

LetsEncrypt SSL cert for subdomain only

Related

Leave a comment

Related

question

how to enable HTTP/2 after installing SSL via letsencrypt in command line

question

Webmin - Lets' encrypt SSL_ERROR_RX_RECORD_TOO_LONG (Firefox)

question

How can I enable OTR on eJabberd server?

question

How do I get Nginx to pick changes in site config file.

Looking for something else?