Docker containers on ECS, when port for subdomains is already taken


#1

Hi,
I have the following issue. I wish to get certificates for a domain and a set of subdomains. Let's say example.my.com and sub1.example.my.com, sub2.example.my.com, sub3.example.my.com. I can run a server on the root domain -> example.my.com, but the subdomains are already occupied and I don't want to break the service. Is there a way to get one certificate for the root domain and all the subdomains without having to stop the services on them? I'm fine with messing with the root domain, though. All that is hosted on AWS, so I do not want to mess with DNS (redirecting all traffic to the root etc.).


#2

Hi,

Let's Encrypt needs to verify you have control over all the domains / subdomains you want on the certificate, which can be done either by a check on HTTP/HTTPS or a check on DNS.

I'm not sure why you say it needs to "break the service". If you have a running web server on these subdomains, then you don't need to stop any service on them. You simply need to add a file and code (that LE essentially provides) to the website and that's all. There is no need for downtime or "breaking" the service. Perhaps I'm misunderstanding something.

Alternatively, if using DNS verification, you need to add an additional TXT record in the DNS zone for that domain / subdomain. Again there is no "breakage" or downtime.

The only (very slight) thing you generally need to do is reload Apache/nginx or whatever to load the SSL certificate.
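To make the two validation methods in the reply above concrete, here is an added example (not code from this thread, from Let's Encrypt, or from any ACME client) that computes what each challenge asks the domain holder to publish, following RFC 8555 and RFC 7638: for HTTP-01 the file served under `/.well-known/acme-challenge/`, for DNS-01 the `_acme-challenge` TXT record. The account key, the tokens and the `tokens`-per-domain mapping are constructed placeholders; in a real issuance the CA hands out one token per challenge.

```python
"""Added example, not code from the thread or from Let's Encrypt.

Shows what each ACME validation method asks the domain holder to publish,
following RFC 8555 (sections 8.1, 8.3, 8.4) and RFC 7638:

  HTTP-01  serve the key authorization at
           http://<domain>/.well-known/acme-challenge/<token>
  DNS-01   add a TXT record at _acme-challenge.<domain> whose value is
           base64url(SHA-256(key authorization))

Both are additions to a site or zone that is already serving traffic; the
service itself keeps running. The account key and tokens used here are
constructed placeholders, not real values issued by any CA.
"""
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sha256_b64url(data: bytes) -> str:
    return b64url(hashlib.sha256(data).digest())


# Members that enter the thumbprint, per key type (RFC 7638 section 3.2).
_THUMBPRINT_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def canonical_jwk_json(jwk: dict) -> str:
    """RFC 7638 canonical form: only the required members, sorted, no whitespace."""
    members = _THUMBPRINT_MEMBERS[jwk["kty"]]
    return json.dumps({k: jwk[k] for k in members}, sort_keys=True, separators=(",", ":"))


def jwk_thumbprint(jwk: dict) -> str:
    return sha256_b64url(canonical_jwk_json(jwk).encode("utf-8"))


def key_authorization(token: str, jwk: dict) -> str:
    """token '.' thumbprint(account key): ties the response to the ACME account."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_value(key_auth: str) -> str:
    return sha256_b64url(key_auth.encode("ascii"))


def http01_challenge(domain: str, token: str, jwk: dict) -> dict:
    """File to drop into the existing web root; the server needs no restart."""
    return {
        "url": f"http://{domain}/.well-known/acme-challenge/{token}",
        "body": key_authorization(token, jwk),
    }


def dns01_challenge(domain: str, token: str, jwk: dict) -> dict:
    """TXT record to add to the zone. A wildcard name is validated at its base
    name, so a leading '*.' is stripped (RFC 8555 section 8.4)."""
    base = domain[2:] if domain.startswith("*.") else domain
    return {
        "name": f"_acme-challenge.{base}",
        "type": "TXT",
        "value": dns01_txt_value(key_authorization(token, jwk)),
    }


def challenges_for(domains: list, tokens: dict, jwk: dict, method: str) -> list:
    """One challenge per name: a certificate with several SANs needs every name
    validated, but each validation is independent of the others."""
    build = {"http-01": http01_challenge, "dns-01": dns01_challenge}[method]
    return [build(d, tokens[d], jwk) for d in domains]


if __name__ == "__main__":
    # Constructed account key and tokens (placeholders, not real material).
    account_jwk = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus-placeholder"}
    names = ["example.my.com", "sub1.example.my.com",
             "sub2.example.my.com", "sub3.example.my.com"]
    tokens = {d: f"token-for-{d}" for d in names}
    for rec in challenges_for(names, tokens, account_jwk, "dns-01"):
        print(f'{rec["name"]} IN TXT "{rec["value"]}"')
```

Run as-is it prints the four TXT records a DNS-01 validation of the names in the question would need; swap `"dns-01"` for `"http-01"` to get the URL and body each subdomain's existing web server would have to return instead. Neither output touches the running services beyond adding a record or a file.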


#3

Hi,
Thanks for the fast reply. That nginx restart was what I had in mind by breaking the service. But I already found out that you also support the DNS challenge, and that worked great for me.
Keep on the good job :slightly_smiling:


#4

You're welcome :slight_smile: A "reload" rather than a "restart" will usually ensure zero "breakage".


#5

Actually, apache2 needs to be restarted to take into account new certificates. A simple reload won't work.


#6

Interesting, I've used reload on a dozen accounts / servers in the past week perfectly fine (Apache v2.4) when reissuing certs.


#7

Apache has multiple options for restarting its services: see Stopping and Restarting. A graceful restart shouldn't break anything…