How to protect 2 subdomains with 1 certificate (Plesk Onyx)

Please fill out the fields below so we can help you better.

My domain is: host-thirty.com

I ran this command:

It produced this output:

My web server is (include version): Apache 2.4, Nginx

The operating system my web server runs on is (include version): CentOS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Onyx

I use Let's Encrypt for my domain host-thirty.com. The certificate also protects the www sub. But we use another one for the mail: mail.host-thirty.com. How can we protect that sub also with the same certificate?

That depends…
Do all three names go to the same system?

They return different IPs:
Name: host-thirty.com
Addresses: 2400:cb00:2048:1::6818:7bc3
2400:cb00:2048:1::6818:7ac3
104.24.123.195
104.24.122.195
Name: www.host-thirty.com
Addresses: 2400:cb00:2048:1::6818:7ac3
2400:cb00:2048:1::6818:7bc3
104.24.122.195
104.24.123.195
Name: mail.host-thirty.com
Address: 93.104.210.89

The first two seem to be on CloudFlare and provide IPv6 addresses (which may introduce some complexity).

An LE cert was issued 5 days ago covering:
DNS:host-thirty.com
DNS:webmail.host-thirty.com
DNS:www.host-thirty.com
https://crt.sh/?id=153979231

Did that not solve this problem?

Hi!

IPv6 is not used. The third sub is mail.host-thirty.com and goes to the same IP and is not protected by Cloudflare because then mail will not work. It only uses the Cloudflare DNS.

Anders

No, it does not cover mail.host-thirty.com.

Anders

So, if all three names go to the same system, then it should be straightforward (as if CloudFlare wasn’t even there).

Plesk Onyx
Hmmm…

Does the mail system already have a cert?

The mail server is protected by the host-thirty.com cert. But because I must use mail.host-thirty.com as in- and outgoing server, I always get the "Should you use this cert" question.

Anders

Well you managed to get 3 names on the existing cert:
DNS Name=host-thirty.com
DNS Name=webmail.host-thirty.com
DNS Name=www.host-thirty.com

Why can’t you just add a 4th name?

Probably because the Plesk API for Let's Encrypt lets me add a domain name and a www sub. Then you can set which cert should protect the mail server. But it only protects the mail server as host-thirty.com, not as mail.host-thirty.com.

host-thirty.com I can't use because it is proxied by Cloudflare and will not work as a mail server setting.

The solution seems to be to either stop using Cloudflare or stop using Let's Encrypt and buy a wildcard cert instead.

Anders

If you can solve it with a wildcard cert, then you should be able to solve it with a 4 named (SAN) cert.
Can’t you just add all the names?
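
Added example, not from any poster in the thread: a Python check of which hostnames a certificate's SAN list covers, using the three names on the issued cert and RFC 6125-style wildcard matching (a `*` only as the whole leftmost label, standing for exactly one label). The function names and the `NEEDED` list are assumptions made for illustration, and the example goes slightly beyond the thread by also showing what a wildcard entry covers.

```python
# Added example: compare the names clients connect to against a cert's SAN list.
# CURRENT_SANS is the SAN list quoted in the thread; NEEDED is an assumed list
# of the names the site and mail clients use.
CURRENT_SANS = ["host-thirty.com", "webmail.host-thirty.com", "www.host-thirty.com"]
NEEDED = ["host-thirty.com", "www.host-thirty.com",
          "webmail.host-thirty.com", "mail.host-thirty.com"]


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def san_matches(san, hostname):
    """Return True if one dNSName SAN entry covers hostname.

    A wildcard is accepted only as the entire leftmost label and matches
    exactly one label, so '*.example.com' covers 'mail.example.com' but
    neither 'example.com' nor 'a.mail.example.com'.
    """
    s, h = _labels(san), _labels(hostname)
    if len(s) != len(h) or "" in s or "" in h:
        return False
    if s[0] == "*":
        # Require a real parent domain and no further '*' in the other labels.
        rest_ok = len(s) >= 3 and not any("*" in label for label in s[1:])
        return rest_ok and s[1:] == h[1:]
    # Partial wildcards such as 'm*.example.com' are rejected outright.
    return "*" not in san and s == h


def uncovered(sans, hostnames):
    """List the hostnames that no SAN entry covers (these cause client warnings)."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    print("current cert misses:", uncovered(CURRENT_SANS, NEEDED))
    print("with a 4th SAN:     ", uncovered(CURRENT_SANS + ["mail.host-thirty.com"], NEEDED))
    print("wildcard only:      ", uncovered(["*.host-thirty.com"], NEEDED))
```

A lone `*.host-thirty.com` entry leaves the bare `host-thirty.com` uncovered, so a wildcard certificate still needs the apex listed as an additional SAN.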

I have no clue how to do it, even if I am aware of SAN.

Anders

You managed to do 3 SANs on one cert.

Just add one more name to that list in your procedure.

I think we stop this discussion, because as I said the API does that itself.

I will use a wildcard cert to solve the problem.

Anders

Maybe someone else will read this thread and have more input.
US eastern time zone will be daylight soon.
Please understand that I don’t work for Let’s Encrypt nor for Plesk.
I’m just a community member…
Trying to help out.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.