Let's Encrypt + COMODO


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: rumebel.ru

I ran this command:

It produced this output:

My web server is (include version): CentOS Linux 7.x

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Good day! We have installed a trial certificate of the WildCARD class for the domain rumebel.ru *rumebel.ru. When checking the validity of the certificate on ssllabs.com, we received status B with the fault “Chain issues Incomplete, Extra certs”. Some of the site-analysis resources deny the existence of the certificate altogether, for example seolik.ru and pr-cy.ru. The question arose whether it is possible to combine both certificates, that is, keep the existing COMODO certificate for the root domain and use a Let's Encrypt certificate for the subdomains?


#2

The web server should send either the Let’s Encrypt certificate and chain, or the Comodo certificate and chain, depending on which domain was requested. Not both at once.

With nginx, this can generally be achieved by using separate virtual hosts, e.g.

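server {
  # "ssl" (not "https") is the listen parameter that enables TLS on this socket
  listen          443 ssl;
  server_name     rumebel.ru *.rumebel.ru;
  # fullchain.pem holds the leaf certificate followed by its own intermediate(s)
  ssl_certificate /etc/letsencrypt/live/rumebel.ru/fullchain.pem;

  # ... (ssl_certificate_key for the matching private key, and the rest)
}

server {
  listen          443 ssl;
  server_name     pr-cy.ru *.pr-cy.ru;
  # this file must likewise contain the leaf plus the chain of its own issuer
  ssl_certificate /etc/ssl/digicert-cert.pem;

  # ... (ssl_certificate_key for the matching private key, and the rest)
}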
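
The "one certificate and its own chain, not both at once" rule above, as an added example that is not part of the original post and is not SSL Labs' code: a simplified model that walks issuer links from the leaf and reports the two issues named in this thread. All certificate names are constructed placeholders, and each certificate is reduced to a (subject, issuer) pair.

```python
# Simplified model of a served-chain check. `sent` lists (subject, issuer)
# pairs in the order the server presented them, leaf first. `trusted_roots`
# is the set of root subjects in the client's trust store.

def chain_issues(sent, trusted_roots):
    """Return the chain issues for what the server sent; [] means clean."""
    if not sent:
        return ["Incomplete"]
    leaf, rest = sent[0], sent[1:]
    by_subject = {subject: (subject, issuer) for subject, issuer in rest}
    used = set()
    current, complete = leaf, False
    while True:
        issuer = current[1]
        if issuer in trusted_roots:
            complete = True   # next hop is already in the client's trust store
            break
        if issuer not in by_subject or issuer in used:
            break             # issuer was not sent (or a loop): the path stops
        used.add(issuer)
        current = by_subject[issuer]
    issues = []
    if not complete:
        issues.append("Incomplete")
    # Anything sent that is neither on the path nor a trust anchor is surplus.
    if any(s not in used and s not in trusted_roots for s, _ in rest):
        issues.append("Extra certs")
    return issues

# Constructed sample data: two unrelated CAs, called A and B here.
ROOTS = {"Root A", "Root B"}
INT_A = ("Intermediate A", "Root A")
INT_B = ("Intermediate B", "Root B")
LEAF_A = ("*.example.test", "Intermediate A")
LEAF_B = ("example.test", "Intermediate B")

GOOD = [LEAF_A, INT_A]          # leaf with its own chain
MIXED = [LEAF_B, INT_A]         # leaf from B served with A's intermediate
BOTH = [LEAF_A, INT_A, INT_B]   # both chains sent at once

if __name__ == "__main__":
    for name, chain in (("GOOD", GOOD), ("MIXED", MIXED), ("BOTH", BOTH)):
        print(name, chain_issues(chain, ROOTS))
```

The MIXED case is the one that produces both issues together: the leaf's real issuer is missing, and the intermediate that was sent belongs to the other CA.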

#3

Thank you for the explanation. I assumed as much, but in our case the original mechanism for creating subdomains does not use individual virtual hosts for each one; there are only two, IP:80 and IP:443, and all other issues are solved by include_areas in the default template, i.e. a simple substitution of data in the template. Apparently that was the wrong decision, and it worked this way only at the time. Unfortunately it was built a long time ago, and I now simply do not have the time or opportunity to redo the entire site from the start.

