CNAME and SSL - How to avoid security error?

Help
#1

Hi,

I have an application called sendy installed in the following setup: https://sendy.domain.com/

This works fine on a Digital Ocean droplet LAMP install.

Sendy is an email platform that allows you to send emails via AmazonSES.

It has a feature to use custom domains for tracking clicks etc. You add the custom domain and then it tells you to add it as a CNAME that points to the sendy install.

For example:

track.domain2.com CNAME record pointing to sendy.domain.com

I have a wildcard SSL on domain2.com which is hosted elsewhere.

However, I get security errors which I assume is some sort of name mismatch thing?

Is there something I need to do with the letsencrypt certificate on https://sendy.domain.com/?

Cheers.

1 Like
#2

yes, add a valid certificate for track.domain2.com. if you cannot, remove the cname and reverse proxy the application.

2 Likes
#3

in general, you can have a zone that looks like this

www in cname something.elsewhere.domain.com.
blog in cname something.elsewhere.domain.com.

on your server you will need valid certificates for www.yourdomain and blog.yourdomain, and it’s irrelevant if you have a valid cert for the cname destination something.elsewhere.domain.com.

1 Like
#4

Is there a guide you can point me in the direction of for doing that via certbot?

I did the intitial SSL in the command line but using a tutorial.

Not sure what string of code is required for doing that?

1 Like
#5

certbot --dry-run -d domain_name

if this command works, remove --dry-run and run the command again.

2 Likes
#6

Thanks, I just installed one for track.domain2 which worked.

But now the original sendy.domain.com has a security error.

I am guessing I overwrote something :grin:

1 Like
#7

does the webserver you are using support multiple certificates? (both apache and nginx do)

then install both.

otherwise, use certbot --dry-run -d domain_name -d other_domain_name

2 Likes
#8

Thanks I think I got it sorted. Thanks for the help and speed of replies.

1 Like
#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.