CNAME and SSL - How to avoid security error?

richq · March 13, 2020, 9:56am

Hi,

I have an application called sendy installed in the following setup: https://sendy.domain.com/

This works fine on a Digital Ocean droplet LAMP install.

Sendy is an email platform that allows you to send emails via AmazonSES.

It has a feature to use custom domains for tracking clicks etc. You add the custom domain and then it tells you to add it as a CNAME that points to the sendy install.

For example:

track.domain2.com CNAME record pointing to sendy.domain.com

I have a wildcard SSL on domain2.com which is hosted elsewhere.

However, I get security errors which I assume is some sort of name mismatch thing?

Is there something I need to do with the letsencrypt certificate on https://sendy.domain.com/?

Cheers.

9peppe · March 13, 2020, 10:03am

yes, add a valid certificate for track.domain2.com. if you cannot, remove the cname and reverse proxy the application.

9peppe · March 13, 2020, 10:07am

in general, you can have a zone that looks like this

www in cname something.elsewhere.domain.com.
blog in cname something.elsewhere.domain.com.

on your server you will need valid certificates for www.yourdomain and blog.yourdomain, and it’s irrelevant if you have a valid cert for the cname destination something.elsewhere.domain.com.

richq · March 13, 2020, 10:08am

Is there a guide you can point me in the direction of for doing that via certbot?

I did the intitial SSL in the command line but using a tutorial.

Not sure what string of code is required for doing that?

9peppe · March 13, 2020, 10:09am

certbot --dry-run -d domain_name

if this command works, remove --dry-run and run the command again.

richq · March 13, 2020, 10:18am

Thanks, I just installed one for track.domain2 which worked.

But now the original sendy.domain.com has a security error.

I am guessing I overwrote something

9peppe · March 13, 2020, 10:23am

does the webserver you are using support multiple certificates? (both apache and nginx do)

then install both.

otherwise, use certbot --dry-run -d domain_name -d other_domain_name

richq · March 13, 2020, 10:27am

Thanks I think I got it sorted. Thanks for the help and speed of replies.

system · April 12, 2020, 10:27am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sub domains using DNS CNAME to external sites Help	6	1295	December 5, 2021
No errors, just questions Server	4	1212	March 2, 2017
New cname added in digital ocean and want to install ssl for this domain Help	7	685	October 29, 2022
About wildcard ssl and cname Help	2	608	April 14, 2021
Certbot Succeeded But HTTPS Doesn't Work Server	32	5015	July 29, 2018

CNAME and SSL - How to avoid security error?

Related topics