Topic: Lets Encrypt -multiple sub domains -

[k_graham]

I have a site hosted on line which uses "letsencrypt" as example https://domainzzz.com

And a local domain using sme server as example http://home.domainzzz.com

Of course trying to log into the local domain from the web as https://home.domainzzz.com brings up a warning for self signed certificate. Would I try and create the certificate from the hosted on line  cpanel of actual domain or attempt to install the "letsencrypt" contrib here for the home.domainzzz.com which is the smeserver?

[ReetP]

It's a tricky scenario.

It will depend on how you have your home server set up.

If it is set with 'domainxzzz.com' and a host 'home.domainzzz.com' then it will prove difficult because the local server will want a local certificate for both 'domainxzzz.com' and 'home.domainzzz.com' - it relies on a 'bundle rather than separate domain certificates so you can't just get one for the host (It's the way it currently works, and a limitation we would eventually like to overcome)

Someone else may have a hack to fix this temporarily, but it will not get fixed on SME v9.

[mmccarn]

If the public DNS for home.domainzzz.com points to your SME's WAN then you should be able to install the letsencrypt contrib and let it generate a cert for that domain.

[ReetP]

If the public DNS for home.domainzzz.com points to your SME's WAN then you should be able to install the letsencrypt contrib and let it generate a cert for that domain.

I don't think they can if 'domainzzz.com' points elsewhere.

The server will want a cert that is good for both  'home.domainzzz.com' AND 'domainzzz.com' - I have had this situation myself.

2 SMEs. One is the main mycompany.com and has certs for mycompany.com, www.mycompany.com, mail.mycompany.com

I wanted a completely separate SME host called files.mycompany.com but If you ONLY get a cert for files.mycompany.com (which you can) the config will still want a cert for 'mycompany.com' as well.

You would need to hack the htpd config to remove references to 'mycompany.com' to get around this I think. It is a limitation of the way that letsencrypt/SME works at the minute.

(Note I could be completely wrong here !!

There is hack that you can employ. Mod the server to be someotherdomain.com and then set up a new domain called files.mycompany.com and then ONLY get certificate for JUST the 'domain'. That will fool SME)

These should reveal a bit more information.

Code: [Select]

db domains show
db hosts show