It produced this output:
this connection is not a private
My web server is:
Apache/2.4.29 (Ubuntu)
The operating system my web server runs on is:
Ubuntu 18.04.5 LTS
I can login to a root shell on my machine:
yes
The version of my client is
certbot 1.31.0
I'm mapping this domain newnfashion.com to this server IP XX.XXX.XX, which has a valid wildcard SSL issued by LetsEncrypt for the main domain weeby.store and the subdomain newn.weeby.store.
My question: is it possible to serve the mapped domain newnfashion.com with that wildcard SSL? How can I achieve this?
Here is a list of issued certificates for crt.sh | newnfashion.com, the most recent being 2022-10-03.
I do not see any certificates issued by Let’s Encrypt.
No.
Redirections don't change the request name.
The cert must contain the name requested.
newnfashion.com <> weeby.store [FAIL]
newnfashion.com <> newn.weeby.store [FAIL]
So @rg305 if I understand correctly they will need a New Wildcard Certificate with the domain names of the present Wildcard Certificate and added to that the additional domain name newnfashion.com, for a New Wildcard Certificate.
SNI allows for one IP to serve many names.
[those names don't all have to be in a single cert]
Weebly would have to obtain a cert that covers the new name being sent to them: newnfashion.com
Yes.
The cert presented must match the requested name.
CNAMEs only redirect one DNS name to another.
DNS only resolves names to IPs.
So, using a CNAME just delegates the IP for the first name to the IP of the second name.
NAME#1 goes to IP#2.
But it is still looking for NAME#1 [at the NAME#2 location].
In a more understandable situation:
I need to speak securely with John...
Knock on John's door and ask for John - Sorry, he's at Bob's house.
Knock on Bob's door and ask for who?
I still ask for John [not Bob].
Whoever answers must present an ID as John or I will not speak with him securely.
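The name check described in the answers above, as an added example that is not part of the original thread: a server picks a virtual host from the name the client asks for (SNI), and the client then checks that same name against the certificate's names. The vhost labels and SAN lists are constructed for illustration, and vhost selection is simplified to the same matcher with the first vhost as the default.

```python
def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' must be the whole leftmost label
    and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def covers(names, host: str) -> bool:
    """True if any name in the list matches the host."""
    return any(san_matches(n, host) for n in names)


def handshake(requested: str, vhosts):
    """Return (label of the vhost that answered, whether its cert is valid
    for `requested`). A CNAME or A record only decides which IP is reached;
    the requested name itself never changes."""
    chosen = next((v for v in vhosts if covers(v["names"], requested)), vhosts[0])
    return chosen["label"], covers(chosen["sans"], requested)


# Constructed sample: only the wildcard vhost exists (assumed SAN list).
BEFORE = [
    {"label": "weeby-wildcard",
     "names": ["weeby.store", "*.weeby.store"],
     "sans": ["weeby.store", "*.weeby.store"]},
]

# Constructed sample: a dedicated vhost with its own cert for the custom domain.
AFTER = BEFORE + [
    {"label": "newnfashion",
     "names": ["newnfashion.com"],
     "sans": ["newnfashion.com"]},
]

if __name__ == "__main__":
    for label, vhosts in (("before", BEFORE), ("after", AFTER)):
        for name in ("newn.weeby.store", "newnfashion.com"):
            print(label, name, handshake(name, vhosts))
```

With only the wildcard vhost, a request for newnfashion.com falls through to the default vhost and the certificate check fails, which is the browser warning; the dedicated vhost with its own certificate passes.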
I did obtain a new cert with: sudo certbot --apache -d newnfashion.com
certbot is telling me:
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/newnfashion.com.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
If I choose install, certbot cannot find the virtual host and it will try to install it on top of the main wildcard that I have as a main domain (which is weeby.store).
I think I'm missing some steps, any idea?
Thank you.
Please note, weeby is a SaaS application that provides services for users with a subdomain of their choice. Since some users ask for a custom domain, we need to create a CNAME, then ask those users to create an A record. In our case, newn.weeby.store is willing to have his custom domain newnfashion.com.
The way I solved it is to create a new vhost and include the obtained cert. However, as the number of vhosts is going to increase (by hundreds), do you recommend any automation methods to update them so we can maintain them and avoid any browser warnings?
Designing architecture for (hoped for) large commercial sites is beyond the scope of this forum. Or, at least beyond the scope of what I wish to help with.
I thought this was a rare exception to a well-established system. If it is just the first of many such customers I think you have much to consider.
You should review the topic below. Perhaps others will comment about using Apache for large integrations or offer other ideas. Best wishes.