Add IRC SSL on domain that already has HTTP SSL

My domain is: paulmartz.com

My web server is: Apache 2.4.38
I want to add an UnrealIRC 5.0.7 server on a second computer.

The operating system my web server runs on is: Both computers are Debian 10 current release

I can log in to a root shell on my machine: Yes. I own the computers. I am well-versed with Linux administration and CLI/sh/bash.

The version of my client is: certbot 0.31.0

Basically, I have an SSL for a domain, and I'd like to add an SSL for a subdomain. How do I do that? Details follow.

I used certbot to obtain an SSL for paulmartz.com on my apache server a couple years back and this works fine. I'd like to install an UnrealIRC server on a second computer. UnrealIRC also requires an SSL, and I'd like the domain to be irc.paulmartz.com. Both systems are current release Debian 10. My questions:

Do I install certbot on the second/IRC system and obtain a new SSL for irc.paulmartz.com? Or is there a way to modify my existing cert to include both paulmartz.com and irc.paulmartz.com? If the latter, how do I modify the cert? And how do I share the certs between the two computers (do I use NFS or do I copy the chain and key files)?

Note that I don't want a wildcard cert, as I have other HTTP subdomains (vinyl.paulmartz.com and rp.paulmartz.com) that do not have SSL nor do they need it.

As a possible complicating issue, I use the free CloudFlare service. But I can disable CloudFlare on the irc.paulmartz.com CNAME record, if necessary. Also, CloudFlare provides its own SSL. I've considered doing away with certbot / Let's Encrypt entirely and switching to the CloudFlare SSL, but I've been reluctant to eff with something that's already working. So I'd prefer to stick with Certbot if possible.

Thanks for any and all assistance and advice.

1 Like

Hi @PaulMartz

that's

the easiest solution. Two different systems, two different certificates. There is a rate limit. But with two domain names that's not a problem (more than 50 would be).

You can't modify a certificate; you can create one certificate with two domain names. But why? You must copy the certificate, which makes things more complicated. So two different certificates ... easier.

2 Likes

Makes total sense. Thanks for the sanity check and quick reply.

2 Likes

Question: how would I connect to your UnrealIRCd when the A record for irc.paulmartz.com points to a CloudFlare IP? (Actually, to three IPs.) I'm not familiar with CloudFlare having an IRC load-balancing feature. As far as I know, it's purely HTTP/HTTPS?

So:

Is necessary anyway to make your IRC work.

Also, it isn't a CNAME currently, irc.paulmartz.com has three A records.

3 Likes