How do I enable ssl using database driven domain?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: SuperIntuitive.org

I ran this command:

I wrote a CMS called superintuitive. It can handle multiple domains/subs. It does this by examining the server variable to get the domain name and then accessing that site from the database. It does not use virtual hosts to manage the domains. The multiple domains/subs are all handled by the database.
All of the tutorials I have read about setting up ssl with letsencrypt (and others) have to do with modifying the virtual host data. There must be a way to set up ssl on a platform as described above?
Every time I try to get this done, (several) it's like 3 hours that I wish I had back before finishing empty handed. I would LOVE to be able to offer a simple SSL/LetsEncrypt check box or text key field in the cms settings with simple directions. I just need to get it up and running to begin with.

It produced this output:

My web server is (include version): Apache2

The operating system my web server runs on is (include version): tested on ubuntu server and xampp

My hosting provider, if applicable, is: AWS, sometimes my home via comcast.

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I don’t think you’ll be able to leverage HTTPS correctly with your current setup as-is. From your description, it sounds like your Apache configuration is using a wildcard/default http server and routing all of that to the CMS - which then configures responses for the detected domain. If this is the case:

  • Getting a LetsEncrypt cert on that machine will not be hard. You can just pipe all the port-80 /.well-known traffic into another port that Certbot runs on, or use a custom library/client that integrates with your CMS.

  • Using a LetsEncrypt cert on that machine will be rather difficult. Apache will have to determine which SSL certificate to use during the initial SSL handshake, which happens long before data is routed to the CMS. I do not know if there is a plugin or Apache scripting library (like mod_perl) that allows for that kind of control in this part of the request lifecycle.

Some options are:

  1. You can look at servers that will sit in front of Apache and can handle SSL termination. Some of them use “autocert”, others may be api driven or scriptable. One such option is Caddy. I think some gateway systems like Varnish can do this too.

  2. You can move from Apache to another system like OpenResty. OpenResty is a fork of Nginx and has hooks for dynamically loading SSL certificates. An example of this is in a plugin I maintain, https://github.com/aptise/lua-resty-peter_sslers

I think I’ll just have to make vhosts for the domains and point their docroots all to /var/www/html/ Then run certbot on them. Hopefully that will work. My goal is making it as easy as possible. Thank you very much for your help.
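
The vhost-per-domain approach settled on above, sketched as an added example (not code from either poster or from the CMS): it takes domain names as they would come out of the CMS database, rejects anything that is not a plain hostname before it can reach an Apache config file, and produces one port-80 vhost plus the Certbot command for each domain. The `SITES_DIR` path, the function names and the sample rows are assumptions.

```python
import re

# Assumptions: the shared docroot from the thread and the Ubuntu Apache layout.
DOCROOT = "/var/www/html"
SITES_DIR = "/etc/apache2/sites-available"

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def is_valid_hostname(name):
    """True only for a plain multi-label DNS name, so a database row cannot
    carry newlines, spaces or Apache directives into a generated config."""
    if not isinstance(name, str) or not 0 < len(name) <= 253:
        return False
    labels = name.lower().split(".")
    # Single-label names (e.g. localhost) cannot get a public certificate.
    return len(labels) >= 2 and all(_LABEL.fullmatch(l) for l in labels)

def render_vhost(domain):
    """Port-80 vhost; all domains share DOCROOT, so the CMS still routes on Host."""
    return (
        "<VirtualHost *:80>\n"
        f"    ServerName {domain}\n"
        f"    DocumentRoot {DOCROOT}\n"
        "</VirtualHost>\n"
    )

def build_plan(rows):
    """Return (configs, commands, rejected); commands are argv lists (no shell)."""
    configs, commands, rejected = {}, [], []
    for raw in rows:
        if not is_valid_hostname(raw):
            rejected.append(raw)
            continue
        name = raw.lower()
        path = f"{SITES_DIR}/{name}.conf"
        if path in configs:          # duplicate row
            continue
        configs[path] = render_vhost(name)
        commands.append(["certbot", "--apache", "-d", name])
    return configs, commands, rejected

# Constructed sample rows, standing in for a SELECT on the CMS domain table.
SAMPLE_ROWS = ["example.com", "Shop.Example.com", "example.com",
               "evil.example\n    Include /tmp/x.conf", "-bad.example", "localhost"]

if __name__ == "__main__":
    for path, text in build_plan(SAMPLE_ROWS)[0].items():
        print(f"# {path}\n{text}")
```

Each generated file still has to be enabled (`a2ensite`) and Apache reloaded before the Certbot command for that domain is run.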
