CNAME and SSL - How to avoid security error?

Hi,

I have an application called sendy installed in the following setup: https://sendy.domain.com/

This works fine on a Digital Ocean droplet LAMP install.

Sendy is an email platform that allows you to send emails via AmazonSES.

It has a feature to use custom domains for tracking clicks etc. You add the custom domain and then it tells you to add it as a CNAME that points to the sendy install.

For example:

track.domain2.com CNAME record pointing to sendy.domain.com

I have a wildcard SSL on domain2.com which is hosted elsewhere.

However, I get security errors which I assume is some sort of name mismatch thing?

Is there something I need to do with the letsencrypt certificate on https://sendy.domain.com/?

Cheers.

1 Like

yes, add a valid certificate for track.domain2.com. if you cannot, remove the cname and reverse proxy the application.

2 Likes

in general, you can have a zone that looks like this

www in cname something.elsewhere.domain.com.
blog in cname something.elsewhere.domain.com.

on your server you will need valid certificates for www.yourdomain and blog.yourdomain, and it’s irrelevant if you have a valid cert for the cname destination something.elsewhere.domain.com.

1 Like

Is there a guide you can point me in the direction of for doing that via certbot?

I did the intitial SSL in the command line but using a tutorial.

Not sure what string of code is required for doing that?

1 Like

certbot --dry-run -d domain_name

if this command works, remove --dry-run and run the command again.

2 Likes

Thanks, I just installed one for track.domain2 which worked.

But now the original sendy.domain.com has a security error.

I am guessing I overwrote something :grin:

1 Like

does the webserver you are using support multiple certificates? (both apache and nginx do)

then install both.

otherwise, use certbot --dry-run -d domain_name -d other_domain_name

2 Likes

Thanks I think I got it sorted. Thanks for the help and speed of replies.

1 Like