Getting certificate for server in subdomain with dynamic IP possible?


#1

Hello!

I have a website (hosted externally) for which NO certificate was issued.
Furthermore I have a local repository server (with Apache installed)
which can be reached via a dynamic IP and for which I created a CNAME subdomain entry:

CNAME: git.my-webaddress.net -> my-webaddress.dyndns-provider.net

Now I would like to get a certificate for Apache to make my GIT repositories publicly
available via https… but it’s not working.

Question: How can I achieve this? (Cert for my server in subdomain)?


#2

You can do this via any of the normal methods for an Apache server. If you want help because it’s “not working” you need to follow the usual steps, writing down what exactly happened (including any error messages displayed even if you personally didn’t understand them) and what you expected to happen so that people can give advice based on that.


#3

Thanks for your answer. This is what I did:

I cloned the repository and started it via: letsencrypt-auto --apache
(My server is a Turnkeylinux BTW).

When prompted I entered the name of the subdomain: git.my-webaddress.net
This seemed to work.

However: When I now access the server via https://git.my-webaddress.net I always get an error:

git.my-webaddress:12321 uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate is only valid for the following names:
esxi.fritz.box, fritz.box, esxi, localhost

Error code: SEC_ERROR_UNKNOWN_ISSUER

ps: I assume that the generated certificate is ok because
I concatenated the priv.key+fullchain files and imported them
into the router which worked. That means that I can now access
the router interface without needing a security exception.


#4

Your domain is serving a self-signed certificate. You’ll need to configure your web server to use the certificates you got from Let’s Encrypt and make sure your site is actually served by that web server. I’m mentioning that because you said something about this being an apache web server, but your site sends the following header: Server:MiniServ/1.780


#5

I thought that letsencrypt automatically configures Apache to do that?

Accessing the server from local LAN works correctly - therefore I assume
the certificate is used. But when accessing the server from outside world
(via router) it is not!


#6

It does if you were using the apache plugin, yes.

Sounds like your router isn’t actually forwarding the traffic, but rather acting as an HTTP reverse proxy, which is why you’re seeing the router’s certificate from outside your network. You’d have to either forward the traffic regularly (i.e. port-forwarding), or put the certificate you got from Let’s Encrypt on your router (though I imagine that’ll be hard to automate).


#7

I found out:

The webmin interface is (obviously) not configured automatically. Therefore
I got correct usage of the certificate when using ports handled by Apache and
an error message when accessing the webmin interface.

Thanks for your help!
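
The check the thread arrives at in posts #4 to #7 (which service answers on a port, and whether its certificate passes browser-style validation), as an added example that is not part of any post: `probe`, `interpret` and `report` are hypothetical names, and port 443 and the `Apache` banner in the samples are assumptions, since the thread only names port 12321 and `MiniServ/1.780`.

```python
import http.client
import socket
import ssl

def probe(host, port, timeout=5):
    """Live check: does host:port pass validation, and which server answers?"""
    result = {"port": port, "verify_error": None, "server": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host):
                pass  # handshake succeeded: trusted chain and matching name
    except ssl.SSLCertVerificationError as exc:
        result["verify_error"] = exc.verify_message
    # Second connection without validation, only to read the Server header.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("HEAD", "/")
        result["server"] = conn.getresponse().getheader("Server", "")
    finally:
        conn.close()
    return result

def interpret(result):
    """Map one probe result to the diagnosis discussed in the thread."""
    is_apache = "apache" in result["server"].lower()
    if result["verify_error"] is None:
        return "ok" if is_apache else "trusted-cert-other-service"
    if is_apache:
        return "apache-not-using-issued-cert"
    return "other-service-own-cert"  # e.g. Webmin's MiniServ on its own port

# Constructed samples modelled on the thread; port 443 and "Apache" are assumed.
SAMPLES = [
    {"port": 443, "verify_error": None, "server": "Apache"},
    {"port": 12321, "verify_error": "self-signed certificate", "server": "MiniServ/1.780"},
]

def report(results):
    """Return {port: diagnosis} for a list of probe results."""
    return {r["port"]: interpret(r) for r in results}

if __name__ == "__main__":
    print(report(SAMPLES))
    # Live use: report([probe("git.my-webaddress.net", p) for p in (443, 12321)])
```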

