Redirecting to another droplet from a secure droplet through subdomains

April 18, 2017 331 views
Nginx DNS Django Ubuntu 16.04


I have successfully created a droplet with Ubuntu 16.04 running my secure Django app through Letsencrypt. My droplet serves "example.com" and "www.example.com" and I can see the green lock in my Firefox when pointing to this application.

I would like to create two subdomains (sub1.example.com and sub2.example.com) but on two other droplets. I would like to know the exact procedure if possible.

I understand that the first step is to "expand" the letsencrypt keys to include the two new domains. But what comes next? Please, can you elaborate as much as possible? Please keep in mind that the new droplets will have to be secure, too.

2 Answers
hansen April 18, 2017
Accepted Answer

I think you are misunderstanding me.
Your DNS A-records should look like this:

@    -> droplet_ip_1
www  -> droplet_ip_1
sub1 -> droplet_ip_2
sub2 -> droplet_ip_3

Then you can use Let's Encrypt to encrypt example.com and www.example.com on Droplet1. And you can encrypt sub1.example.com on Droplet2, and sub2.example.com on Droplet3.

  • Thank you very much @hansen. This makes sense. I didn't know that you could install letsencrypt without registering a base domain for the server.

    • @xpanta

      Post your Nginx server block configuration from Droplet2 - you have something which blocks access for Let's Encrypt to validate.

      And you probably have configured everything to redirect to HTTPS, which is fine, when the certificate is working.

      You cannot have a Let's Encrypt certificate for an IP address.

      • Don't worry. I fixed it. :-) It was a typo (as usual) in my letsencrypt installation instruction.

        I removed the comment but you responded too quickly. Thanks for your time and concern. I am still in the middle of the process. I will report if anything comes up.

Hi @xpanta

You simply point the DNS A-record for dns1.example.com to another droplet, log in to that droplet and work on that, just like you did on the first droplet.

You need to generate the Let's Encrypt certificate from the droplet that is going to use it. It is possible to do some advanced stuff, but that's outside the scope.

So in some sense, the different droplets and their certificates have nothing to do with each other.

  • Thank you. My problem is that "example.com" is secured with letsencrypt. Making the redirect to my other droplet the user will get a "site not secured" message on his/her browser. Unless I secure my other droplet with letsencrypt, too. How am I supposed to do that, since I won't be registering a domain for that droplet and I will be using the subdomain of "example.com"? I think letsencrypt requires a registered domain to work.
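
The layout from the accepted answer as a pre-flight check, added here as an example (not code from the thread): it groups the A-records by droplet and, for one droplet, separates the names that already resolve to it from those that do not. It assumes validation happens over HTTP against the address each name resolves to; the IP addresses, function names and the offline resolver are constructed for illustration.

```python
import socket

ZONE = "example.com"

# Constructed A-records mirroring the accepted answer. The addresses are
# documentation IPs (RFC 5737), not real droplets.
A_RECORDS = {
    "@": "203.0.113.10",     # droplet_ip_1
    "www": "203.0.113.10",   # droplet_ip_1
    "sub1": "203.0.113.20",  # droplet_ip_2
    "sub2": "203.0.113.30",  # droplet_ip_3
}

def fqdn(label, zone=ZONE):
    """Turn a record label into a full hostname ('@' is the zone apex)."""
    return zone if label == "@" else f"{label}.{zone}"

def names_per_droplet(records, zone=ZONE):
    """Group hostnames by the IP they point at: one certificate per droplet."""
    plan = {}
    for label, ip in records.items():
        plan.setdefault(ip, []).append(fqdn(label, zone))
    return {ip: sorted(names) for ip, names in plan.items()}

def system_resolver(name):
    """Live lookup: the set of IPv4 addresses the name resolves to."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def constructed_resolver(name):
    """Offline stand-in for DNS, built from A_RECORDS above."""
    table = {fqdn(label): {ip} for label, ip in A_RECORDS.items()}
    return table.get(name, set())

def preflight(droplet_ip, wanted, resolve=system_resolver):
    """Split `wanted` into names that resolve only to this droplet and names
    that point elsewhere (or nowhere), which should not be requested here."""
    ready, blocked = [], {}
    for name in wanted:
        seen = resolve(name)
        if seen == {droplet_ip}:
            ready.append(name)
        else:
            blocked[name] = sorted(seen)
    return ready, blocked
```

Run `preflight` on each droplet with its own public IP before requesting the certificate there; passing `constructed_resolver` keeps the check offline.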
