Certificate for subdomain on external nameservers

Hi,

I am using some hosting service, and having an issue with the SSL Certificates because of the way the domains/subdomains are configured. I am more interested to know if what I need is possible.

My current set up is:

  • I have a domain ageofmetaverse.art/ purchased on Hostnet, using Vercel nameservers
  • On Vercel, I have a subdomain cms.ageofmetaverse.art pointing back to hostnet hosting, using an A Host entry

Now, since recently the certificate for the cms.ageofmetaverse.art has expired, and the hostnet support claims that it's not possible to use the Let's encrypt service on their dashboard to issue a new certificate, due to the domain using external nameservers.
Contacting Vercel, they say that where the hosting of the website is (hostnet for the cms subdomain), is where I should seek for help.

Is there a way to untangle this mess?

Does hostnet have nameservers that would allow you to use their dashboard? Can't you just switch your nameservers to them from Vercel?

You shouldn't need to transfer domain registration to them. At your domain registrar just change the name servers.

5 Likes

Be aware that changing nameservers can be a service affecting operation, especially if you are not familiar with DNS management.

5 Likes

Looking at this further I see your cert for your cms subdomain uses a wildcard cert. This requires a DNS Challenge. And, might be why your hosting company's panel can't issue the cert with an external DNS service.

Is it possible to just request a cert using the cms.ageofmetaverse.art name and use the HTTP Challenge instead? Is this what you do for your root domain?

5 Likes

I see two roaming vowels!

Edit: TYPO corrected in original post.

2 Likes

Yes sorry, that was a typo.

Blockquote
Does hostnet have nameservers that would allow you to use their dashboard? Can't you just switch your nameservers to them from Vercel?
Blockquote
You shouldn't need to transfer domain registration to them. At your domain registrar just change the name servers.

Yes that's true, but I get certain benefits if I transfer the nameservers to Vercel

Hostnet knows better than us how their system is setup. But, are you able to use their dashboard to get a cert with the explicit domain names you need instead of using a wildcard? A Let's Encrypt cert can have up to 100 names. This might allow using the HTTP Challenge rather than DNS Challenge so relies on your openresty web server instead of DNS.

Do you configure your openresty server yourself?

You should review this Getting Started topic and please answer more of the form you were shown when posting. You haven't given us much to work with.

===================================================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.