Koozali.org: home of the SME Server
Obsolete Releases => SME 9.x Contribs => Topic started by: k_graham on November 02, 2020, 03:26:45 AM
-
I have a site hosted online which uses "letsencrypt", as an example https://domainzzz.com
And a local domain using SME Server, as an example http://home.domainzzz.com
Of course, trying to log into the local domain from the web as https://home.domainzzz.com brings up a warning for a self-signed certificate. Would I try and create the certificate from the hosted online cPanel of the actual domain, or attempt to install the "letsencrypt" contrib here for home.domainzzz.com, which is the SME Server?
-
It's a tricky scenario.
It will depend on how you have your home server set up.
If it is set with 'domainzzz.com' and a host 'home.domainzzz.com' then it will prove difficult because the local server will want a local certificate for both 'domainzzz.com' and 'home.domainzzz.com' - it relies on a 'bundle' rather than separate domain certificates, so you can't just get one for the host. (It's the way it currently works, and a limitation we would eventually like to overcome.)
Someone else may have a hack to fix this temporarily, but it will not get fixed on SME v9.
-
If the public DNS for home.domainzzz.com points to your SME's WAN then you should be able to install the letsencrypt contrib and let it generate a cert for that domain.
-
If the public DNS for home.domainzzz.com points to your SME's WAN then you should be able to install the letsencrypt contrib and let it generate a cert for that domain.
I don't think they can if 'domainzzz.com' points elsewhere.
The server will want a cert that is good for both 'home.domainzzz.com' AND 'domainzzz.com' - I have had this situation myself.
2 SMEs. One is the main mycompany.com and has certs for mycompany.com, www.mycompany.com, mail.mycompany.com
I wanted a completely separate SME host called files.mycompany.com, but if you ONLY get a cert for files.mycompany.com (which you can) the config will still want a cert for 'mycompany.com' as well.
You would need to hack the httpd config to remove references to 'mycompany.com' to get around this, I think. It is a limitation of the way that letsencrypt/SME works at the minute.
(Note: I could be completely wrong here!!
There is a hack that you can employ. Mod the server to be someotherdomain.com and then set up a new domain called files.mycompany.com and then ONLY get a certificate for JUST the 'domain'. That will fool SME.)
These should reveal a bit more information.
db domains show
db hosts show