How to create SSL dynamically which cname (point) to my server

javeedrahman · March 23, 2018, 2:48pm

Hi,

I am using Forge Laravel Server there I am using Let’s encrypt for SSL.

I have some domain/sub-domain which will point to my server. In this case, I am getting
“This server could not prove that it is www.example.com; its security certificate is from example.com. This may be caused by a misconfiguration or an attacker intercepting your connection.”

So, i research and found which need SSL for all domain/sub-domain in the laravel forge on Let’s Encrypt. Currenlty i am manually adding a domain for SSL certificate,

sudo letsencrypt --apache -d mydomain.com,x.mydomain.com,y.mydomain.com

I need to add SSL Automatically which pointing to (CNAME) my domain. Is that possible ?

bytecamp · March 23, 2018, 2:52pm

You may configure it once for all cases with a wildcard record:

*.example.com. IN CNAME example.com.

javeedrahman · March 23, 2018, 3:15pm

There will be a different domain which will point to my domain.

Example:: testing.google.com CNAME to my.domain.com
yahoo.com CNAME to my.domain.com
facebook.com CNAME to my.domain.com

so here I am adding these testing.google.com,yahoo.com,facebook.com to obtain a SSL certificate along with my.domain.com, Then only i can access testing.google.com access with https:// otherwise it will load in http://.

Is there i can add like www.my.domain.com,* (* in the sense allowing all domain which is pointing)

schoen · March 23, 2018, 4:02pm

You have to prove that you control domain names in order to issue certificates for them. There's no concept of "any name that points to this server". The reason for this is that otherwise, an attacker who operates a network could serve fake DNS replies for sites, pretending that they were pointed to the attacker's site. Then users of that network would be redirected to the attacker's site and their browsers wouldn't warn them.

mnordhoff · March 23, 2018, 5:18pm

However, there are web servers that will automatically try to issue a certificate for arbitrary domains pointed at them; Let’s Encrypt’s validation will succeed or fail depending on, well, if it’s a valid hostname legitimately pointed at your server.

For example, Caddy can do it:

https://caddyserver.com/docs/automatic-https#on-demand

And there’s a third-party OpenResty plugin for it. (I can’t personally vouch for it.)

javeedrahman · March 26, 2018, 11:41am

Hi,

Thank you @schoen and @mnordhoff i will check those recommended things.

system · April 25, 2018, 11:41am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to issue SSL to client Domain Via CNAME Records Help	7	11122	August 9, 2020
Cname For Auto SSL Help	9	877	October 8, 2022
Need to encrypt cname Help	9	742	December 18, 2021
SSL for other domains Server	17	1698	June 14, 2018
SSL enable automativally for my main domain, sub domain and mapping domain Help	4	622	March 12, 2020

How to create SSL dynamically which cname (point) to my server

Related topics