Is this possible?


#1

Hi,

I’m new to letsencrypt, but I have read the howtos and still am unable to figure out if what I want is at all possible.
Already have a letsencrypt certificate for my site https://hanslammerts.servebeer.com, but this one is nearing its expiration. Last time I checked, the domain servebeer.com was not in the PSL (therefore unable to prolong the certificate), so I tried to search for ways around this.
One post I could find mentioned getting a (cheap) domain (in my case that would be *.hanslammerts.nl), and having this domain redirect to the servebeer.com domain.
Now I am the proud owner of hanslammerts.nl, and a bunch more, and my provider lets me change the DNS A record so that *.hanslammerts.nl points to hanslammerts.servebeer.com.

My question now is if it is possible to get a letsencrypt certificate for hanslammerts.nl (or *.hanslammerts.nl), and use this certificate on my Apache server on my own Linux box.

The flow of network traffic would be something like this (I imagine…) :)

internet -> https://hanslammerts.nl -> my apache server which has the letsencrypt cert -> redirect hanslammerts.servebeer.com

The redirect is not quite correct. I have the DNS A record for *.hanslammerts.nl pointing to the IP for hanslammerts.servebeer.com.

I hope my question is clear, but in any case the answer to it is not clear to me.

Hope someone can help me out here.

Thanks
Hans (duh…)


#2

Hello @phloks,

You are right, servebeer.com is not included in the PSL; anyway, right now you could issue a certificate for your domain (there are 10 remaining certs). Also, keep in mind that the rate limits have changed and now the limit is 20 certs per 7 days, but what is more interesting, there is an exception to this limit for renewing certificates (issuing a new certificate with the same names as a previous one), so it doesn’t matter whether domains for servebeer.com hit the 20 limit; if you already issued your cert, you could renew it.

I don’t really understand what your final goal is, so let me guess it.

You already have a domain hanslammerts.servebeer.com and you use it because it is free and/or because it allows you to perform dynamic DNS changes. Now you have your own domain hanslammerts.nl and you want to use it as your main domain, but I don’t understand why you want to redirect https://hanslammerts.nl to https://hanslammerts.servebeer.com. If you perform that redirect, you will need 2 valid certificates, 1 for hanslammerts.nl and 1 for hanslammerts.servebeer.com.

So, I think that you want to use hanslammerts.nl but you need hanslammerts.servebeer.com to update the dynamic IP of your home/office where you will serve your web site, so I would recommend changing your DNS A records for hanslammerts.nl and *.hanslammerts.nl to use a canonical name (CNAME) pointing to hanslammerts.servebeer.com:

hanslammerts.nl CNAME hanslammerts.servebeer.com
*.hanslammerts.nl CNAME hanslammerts.servebeer.com

Using this approach, your main domain will point to your dynamic IP and you will only need certificates for your hanslammerts.nl domains. Of course, you should configure your Apache to serve hanslammerts.nl, but you already did it for your servebeer.com domain, so that should not be a problem for you :).

I don’t know whether I made this post very clear, or maybe I didn’t understand your final goal, so if you have any questions, let me know.

Cheers,
sahsanu
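
Added example (not part of the thread and not Let's Encrypt's own code): a simplified model of the two rules stated in the reply above, the limit of 20 certificates per 7 days for each registered domain and the exemption for a renewal with the same set of names. The PSL subset, the issuance history, the date and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed stand-in for the Public Suffix List (PSL). "servebeer.com" is
# deliberately absent, which is the situation described in the thread.
PSL = frozenset({"com", "nl"})
LIMIT = 20                    # new certificates per registered domain (from the reply)
WINDOW = timedelta(days=7)    # length of the rate-limit window (from the reply)

def registered_domain(name, psl=PSL):
    """Longest public suffix found in `name`, plus one label to its left."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):              # longest candidate suffix first
        if ".".join(labels[i:]) in psl:
            if i == 0:
                break                         # the name itself is a public suffix
            return ".".join(labels[i - 1:])
    raise ValueError(f"no registrable domain in {name!r}")

def can_issue(names, history, now, psl=PSL):
    """history: list of (issued_at, frozenset_of_names). Returns (allowed, reason)."""
    wanted = frozenset(n.lower() for n in names)
    if any(prev == wanted for _, prev in history):
        return True, "renewal: same name set as an earlier certificate, exempt"
    for domain in sorted({registered_domain(n, psl) for n in wanted}):
        recent = sum(
            1 for when, prev in history
            if now - when < WINDOW
            and any(registered_domain(p, psl) == domain for p in prev)
        )
        if recent >= LIMIT:
            return False, f"{domain}: {recent} certificates in the last 7 days"
    return True, "under the limit"

def sample_history(now):
    """Constructed data: 20 other users' hosts this week, plus one older cert."""
    hist = [(now - timedelta(hours=h), frozenset({f"user{h}.servebeer.com"}))
            for h in range(1, 21)]
    hist.append((now - timedelta(days=80), frozenset({"hanslammerts.servebeer.com"})))
    return hist

if __name__ == "__main__":
    now = datetime(2020, 1, 1)                # constructed date
    hist = sample_history(now)
    for req in (["hanslammerts.servebeer.com"], ["newhost.servebeer.com"],
                ["hanslammerts.nl", "www.hanslammerts.nl"]):
        print(req, can_issue(req, hist, now))
    # If servebeer.com were on the PSL, each subdomain would get its own limit.
    print(can_issue(["newhost.servebeer.com"], hist, now, PSL | {"servebeer.com"}))
```

Because servebeer.com is not a public suffix in this model, every subdomain under it shares one counter, while names under hanslammerts.nl are counted separately.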


#3

Hi Sahsanu,

Thanks!
You made it a lot more clear to me how I should handle this issue.
I’ll try implementing the CNAME stuff (if my provider lets me do that…)

Regards,
Hans

