Koozali.org: home of the SME Server

Obsolete Releases => SME 9.x Contribs => Topic started by: jameswilson on August 02, 2020, 01:06:58 PM

Title: lets encrypt and purchased certificate
Post by: jameswilson on August 02, 2020, 01:06:58 PM
Hi, I'm hoping to add an EV SSL cert to my SME server that is running my ecomm website. I was using a 3rd party but found too many issues so brought it back in house.
As part of the move I use Let's Encrypt as a temp measure but want to add an EV SSL to it.
I have 3 subdomains on this. My question I suppose is, do I buy a wildcard cert (will that help with ranking etc.) and move to just that, or 2 EV SSL certs for the 2 main domains (old ecomm site and new, old one will be redirected when new site is complete) and use Let's Encrypt for the remaining?

Thanks again
James
Title: Re: lets encrypt and purchased certificate
Post by: ReetP on August 03, 2020, 12:10:05 PM
I *think* (and Jean Philippe can correct me) that you will need a cert for all domains.

As it stands currently on SME, Apache is not configured to use different certs for different domains. Letsencrypt uses one cert for all domains.

You'd have to hack httpd.conf templates to get a config like this:

https://www.digicert.com/kb/ssl-support/apache-multiple-ssl-certificates-using-sni.htm

This is something we are looking at implementing in v10.
Title: Re: lets encrypt and purchased certificate
Post by: jameswilson on August 03, 2020, 09:37:36 PM
Ah, so I either need the Let's Encrypt on all or a wildcard cert to use for all (in this case).

Does anyone know if it affects ranking, i.e. Let's Encrypt vs an EV SSL? I accept I'd rather use an EV cert but don't want to break the other subdomains.
Title: Re: lets encrypt and purchased certificate
Post by: Jean-Philippe Pialasse on August 05, 2020, 04:53:15 PM
SNI (ability to have an SSL cert per virtualhost/domain) is possible on SME 9 but there is no easy way to use it. You will need to do your own custom template. But beware, this will work only for httpd, not for email services. They will still use the main cert only.

This way you can define a paid cert for a particular virtualhost and it should override the main cert with most recent web browsers.

Otherwise you will need ONE certificate including all available domains and subdomains on your server.

Working currently on SME 10 to have it on stock SME.
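
The "ONE certificate including all available domains and subdomains" option discussed in this thread can be checked before a certificate is bought or installed. The following is an added example, not part of any post above and not SME Server code; it lists which hostnames a certificate's SAN entries leave uncovered, and every hostname and SAN list in it is a constructed placeholder.

```python
# Added example: which hostnames does a certificate's SAN list leave uncovered?
# All hostnames and SAN lists below are constructed for illustration.

def san_matches(pattern: str, host: str) -> bool:
    """Match one dNSName SAN entry against a hostname (RFC 6125 style).

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so *.example.com matches shop.example.com but
    neither example.com nor a.shop.example.com.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(hosts, sans):
    """Return the hosts that no SAN entry matches, in input order."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]


# Constructed inventory: names served by the web vhosts plus the mail name,
# since mail services present the main certificate only.
SERVER_HOSTS = [
    "example.com",
    "www.example.com",
    "shop.example.com",
    "old.shop.example.com",
    "mail.example.com",
]

WILDCARD_ONLY = ["*.example.com"]
WILDCARD_PLUS_APEX = ["*.example.com", "example.com"]
SINGLE_NAME = ["shop.example.com"]  # e.g. a certificate bought for one site

if __name__ == "__main__":
    for label, sans in [("wildcard only", WILDCARD_ONLY),
                        ("wildcard + apex", WILDCARD_PLUS_APEX),
                        ("single name", SINGLE_NAME)]:
        print(f"{label:16} uncovered: {uncovered(SERVER_HOSTS, sans)}")
```

Any name reported as uncovered would produce a hostname mismatch warning if that certificate were installed as the server's single main certificate.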