How to create SSL dynamically which cname (point) to my server


#1

Hi,

I am using a Laravel Forge server, where I use Let’s Encrypt for SSL.

I have some domain/sub-domain which will point to my server. In this case, I am getting
“This server could not prove that it is www.example.com; its security certificate is from example.com. This may be caused by a misconfiguration or an attacker intercepting your connection.”

So I researched and found that I need SSL for every domain/sub-domain in Laravel Forge with Let’s Encrypt. Currently I am manually adding each domain to the SSL certificate:

sudo letsencrypt --apache -d mydomain.com,x.mydomain.com,y.mydomain.com

I need to add SSL automatically for domains that point (CNAME) to my domain. Is that possible?


#2

You may configure it once for all cases with a wildcard record:

*.example.com. IN CNAME example.com.


#3

There will be a different domain which will point to my domain.

Example: testing.google.com CNAME to my.domain.com
yahoo.com CNAME to my.domain.com
facebook.com CNAME to my.domain.com

So here I am adding testing.google.com, yahoo.com and facebook.com to obtain an SSL certificate along with my.domain.com. Only then can I access testing.google.com with https://; otherwise it will load over http://.

Is there a way I can add something like www.my.domain.com,* (* in the sense of allowing all domains that point to it)?


#4

You have to prove that you control domain names in order to issue certificates for them. There’s no concept of “any name that points to this server”. The reason for this is that otherwise, an attacker who operates a network could serve fake DNS replies for sites, pretending that they were pointed to the attacker’s site. Then users of that network would be redirected to the attacker’s site and their browsers wouldn’t warn them.


#5

However, there are web servers that will automatically try to issue a certificate for arbitrary domains pointed at them; Let’s Encrypt’s validation will succeed or fail depending on, well, if it’s a valid hostname legitimately pointed at your server.

For example, Caddy can do it:

https://caddyserver.com/docs/automatic-https#on-demand

And there’s a third-party OpenResty plugin for it. (I can’t personally vouch for it.)
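
The gate that usually sits in front of on-demand issuance, as an added example that is not part of the thread and not Caddy's own code: Caddy's on-demand TLS can call an `ask` URL with `?domain=<name>` and proceeds only on a 2xx reply, so names nobody registered never trigger a certificate request. The registered-host set, port and function names below are assumptions.

```python
import re
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Constructed sample data: hostnames that customers registered with the service.
REGISTERED_HOSTS = {"testing.customer-a.example", "www.customer-b.example"}

# One DNS label: 1-63 chars of letters/digits/hyphen, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_host(raw):
    """Return a canonical lowercase hostname, or None if it is not a plain DNS name."""
    host = raw.strip().lower().rstrip(".")
    if not host or len(host) > 253:
        return None
    labels = host.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        return None  # rejects wildcards, host:port, empty labels
    if labels[-1].isdigit():
        return None  # looks like an IPv4 literal, not a hostname
    return host


def may_issue(raw_host, registered=REGISTERED_HOSTS):
    """Allow issuance only for an exact, registered hostname."""
    host = normalize_host(raw_host)
    return host is not None and host in registered


def ask_status(path, registered=REGISTERED_HOSTS):
    """Map a request path such as /ask?domain=name to an HTTP status code."""
    values = parse_qs(urlparse(path).query).get("domain", [])
    if len(values) != 1:
        return 400  # missing or repeated parameter
    return 200 if may_issue(values[0], registered) else 403


class AskHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(ask_status(self.path))
        self.end_headers()


if __name__ == "__main__":
    # Hypothetical local port; bind to loopback so only the web server can ask.
    HTTPServer(("127.0.0.1", 5555), AskHandler).serve_forever()
```

Let’s Encrypt still validates each name itself, so this check only decides which names are worth attempting; it also keeps requests for unregistered hostnames from consuming rate limits.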


#6

Hi,

Thank you @schoen and @mnordhoff, I will check those recommended things.

