Cert for domain + subdomain

filch · February 18, 2019, 12:04am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: davefilchak.com / shop.davefilchak.com

Just so I am clear here: I can get a cert that covers both of these domains or do I need two?

Thanks
Dave

mnordhoff · February 18, 2019, 12:10am

You can use one certificate.

Let’s Encrypt certificates can have up to 100 names (from 1 to 100 domains).

Some ACME clients might make it easier or harder to arrange things in different ways.

filch · February 18, 2019, 12:28am

Cool. Thanks very much

filch · February 19, 2019, 1:50am

My host (A2 Hosting, who apparently support Let’s Encrypt) tells me they cannot install a cert for a domain and a subdominant, which they are calling a wildcard cert. Does this make sense? Can the cert just cover the sub Domain? Where do I find instructions for installing it myself?

Thanks
Dave

_az · February 19, 2019, 1:52am

Ah, I know these guys.

So you are using cPanel hosting?

If shop.davefilchak.com and davefilchak.com are separate virtual hosts in cPanel (for example, if the shop is a subdomain and davefilchak.com is your primary domain), then you just need to issue separate certificates for them.

That's just how cPanel wants it.

You can do this by logging into cPanel and visiting "Lets Encrypt SSL".

filch · February 19, 2019, 3:01am

Ah, I would be so happy if it was that easy. If you are saying that there should be a Let’s Encrypt icon in CPanel, I am sorry to say there is not. If there is not supposed be an icon/link, then are you saying I need to set up things in Let’s Encrypt and then take a token back to CPanel.

_az · February 19, 2019, 3:06am

Oh, my bad. I guess things have changed at A2 since last I checked in with them.

Ultimately it's up to them - Let's Encrypt is flexible for whatever arrangements you want, but A2 will have their own way of doing things and you'll need to follow their lead.

filch · February 19, 2019, 4:01am

Well now what their saying, because I am on a managed VPS, They
can only install it on the main domain. But I suspect it is not a
technical thing … just a management thing because if I did not
have a managed setup I could do whatever I want. I do has SSH
access so I am thinking of giving it a go that way. Can you point
me to installation and config instructions?

Thanks for your input.

Dave

_az · February 19, 2019, 4:05am

:\

Well, your domains already have SSL certificates (even on the non-primary domain):

So that explanation seems unlikely.

Do you have root access to WHM?

filch · February 19, 2019, 4:20am

Well that surprises me! I did not bother checking that because I
did not install certs on this domain or sub domain. I did on
zukamusic.com but not on this domain. I do have root access to WHM
yes.

_az · February 19, 2019, 4:26am

Right, that makes it easy.

Just go to WHM→Manage AutoSSL and make sure that either "cPanel (powered by Comodo)" or "Let's Encrypt" is selected. Doesn't really matter which one, but Comodo's is a bit more reliable on cPanel.

Further info:

filch · February 19, 2019, 4:26am

In fact, every domain I am hosting appears to be covered. Very
weird.

system · March 21, 2019, 4:26am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.