We need to have some modules, for example: admin, app API, website.
So, for website URL is https://company-name.com. For modules we want https://admin.company-name.com and https://api.company-name.com.
How we can make subdomains secure(https). To use same certificates as for website, or they should be separately new certificates? What issues we can have if we will use same certificates?
You need an certificat which include all your domains and subdomains on the SAN ( Subject Alternative Name ) field of your certificat. The simplest way ist to use lets encrypt, which generate it for free.
Than you include this certificate on both virtuell hosts
You can use cert-bot to get https certificate
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04
Just add all domains while executing.. so, your certificate will remain valid on all the mentioned sub-domains
certbot --apache -d example.com -d admin.example.com -d api.example.com
Related
This post shows how to add a certificate to an application, my question, is there a way to add multiple certificates both non-wildcard and wildcard certificate to a single application.
For example, I have an app called websites where it is home to multiple websites, is it possible to set several certificates to this application using Flynn?
You can add as many domains/certificates as you want to an app.
Use the flynn route add http $DOMAIN -c $CERTIFICATE_PEM_FILE -k $KEY_PEM_FILE command to add additional routes. You can distinguish between routes in requests to the app by checking the HTTP Host header.
I applied for the certificate of 1991421.cn, but I found that I can use this certificate to static.1991421.cn's services.
I am very confused, what is the difference between this certificate and the pan-domain certificate such as *.1991421.cn.
I originally wanted to apply for two certificates, 1991421.cn and static.1991421.cn, so as to use the corresponding two WEB services, but I found that 1991421.cn can be satisfied with one certificate.
~~I think, what u can't use the certificate of *.example.com for https://example.com, because this link not comparable with mask.~~
I made a mistake:
U can use example.com for first.example.com and for second.first.example.com.
But u can not use *.example.com for second.first.example.com. Wildcard certificate for *.example.com support only first-level domain, but not support second-level. (For second level u need cert *.example.com)
I provisioned a server using forge and set the domain to blog.example.com. And I generate a LetsEncrypt certificate for that server and set the site to run on http2. It was perfectly fine.
However, I need to make the server accessible via www.blog.example.com now. So I set a CNAME record to route www.blog to blog.example.com. But I got an error This site can’t provide a secure connection when I try to access the site via www.blog.example.com. So I try to generate a new certificate for www.blog.example.com but forge reply First domain does not match root domain on site.
How can I solve the problem?
Thank you.
I have a domain example.com in AWS and have got one load balancer and one ec2 instance. Trying to setup https with certificate from AWS.
Route53 setup and A record setup is done as follows for domain to load balancer.
domain name - *.example.com
Name:-
example.com.
Type:-
- Ip4
Alias Target :- dns name of load balancer.
My web is a spring based web and it redirect user to landing page if user access www.example.com --->>> www.example.com/landing.
After all the setup, if i access like the below url, it is working fine.
https://www.example.com/landing
But if i access without www,
https://example.com/landing --> It leads to browser security page.(Your connection is not private
Attackers might be trying to steal your information from ...)
Our certificate is based on the domain name *.example.com.
If I simply access, https://example.com/ ---> It gets redirected to http://example.com/landing -- > Spring app redirects like this with http.
http://www.test.com/landing leads to certificate trust error. (https://example.com/landing).
Getting site can not be reached error if i simply access, http://www.example.com/
I am looking for URL redirection to https if user access using http or without www or without any scheme. Not sure if i have to configure anything in Route53.
Also, Do i need to configure in my app to redirect to https?
Your current certificate should not work for the root, i.e. https://test.com
Either purchase an alternate name for https://test.com or use only www.test.com as your website. You do not need to change anything in Route53 for now. You probably do need to add redirection in your webserver/app to use HTTPS-only, unless you want to leave it to the users.
I have been using openshift for quite some time. Since letsencrypt is in beta, I thought I gave it a try.
My current setup:
www.digrin.com is an alias to my openshift url - digrin-digrincom.rhcloud.com
digrin.com A tag points to wwwizer redirect service 174.129.25.170.
I have uploaded ssl certificates to openshift. It works fine on domain www.digrin.com. However since naked domain digrin.com points to wwwizer.com, it does not use https. I believe it is a problem. I want both domains (naked as well as www variant) to use https. Is it possible? I know wwwizer has some premium plan where it might be possible, but I would like a free version if possible.
If you don't know, I can not set cname for naked domain, so I had to use A tag to wwwizer, because openshift might change IP address.
Useful link:
How to use naked GoDaddy domain with OpenShift hosting?
If you are looking for a free (1 domain) service that redirects naked domains with valid SSL certificates. I moved from wwwizer to nakedssl to redirect to an Opensift server and it works fine.
Well first of all I had to generate ssl certificate for naked domain - digrin.com. I set temporarily A tag for digrin.com to openshift's ip and generated ssl certificate.
Now we have working certificate, but since A tag for digrin can not be set permanently, domain registrant must support naked domain redirect. More on this you can read here -> if you registrant does not support it, move to cloudfront (I will test cloudfront if my registrant will not add this feature within few months and will update this answer).