Siteground SSL Wildcard, subdomain another IP

#1

I have a Let´s Encrypt SSL with my domain en Siteground, and i have a subdomain with a diferent IP, it´s a Debian 9 virtual machine.

It´s possible tu use de SSL with de subdomain in the virtual machine with another IP?

Thanks!

#2

Hi @gofret84

that should be possible. One vHost can use one certificate. It’s not relevant if this is a domain or subdomain, if the DNS settings ok.

#3

The DNS of Siteground it´s OK, the subdomain have two A, one for the subdomain and another one for the www of the subdomain.

I understand that i have to do some configuration in the virtual machine that´s in another company with another IP. But i don´t know what is the files i have to change.

Or maybe assign the DNS of siteground to the VM?

I don´t know, thanks for the reply.

#4

That depends on the “management system” this virtual machine uses. There are a lot of things possible.

DNS says: This name -> that ip.

But if the ip address handles that domain name correct, that’s a configuration question of your webserver. That has nothing to do with your dns settings.

#5

We have a hosting plan with Siteground, and the virtual machine (debian 9 with a Moodle 3.6) it´s in Azure. The DNS of Siteground have the ip of the subdomain and it´s ok, but when i try to use Certboot from Debian, obviusly say to me that this domain it´s registered (Siteground). I think maybe i can put the keys of the certificate in some files of the debian virtual machine. It´ll be possible?

Sorry for my English.

#6

Ok, the option to take the certificate keys works, I have created the folder inside / letsencrypt / live / domain / and the certificates, and it is all correct, the problem I see is that every time the certificate is updated, I will have I copy and paste manually, I do not know if there will be a synchronization or similar option.

Thank you.

#7

I don’t understand the problem. It’s normal that the dns entries somewhere, the webspace is used from another company.

And it should work running certbot on your subdomain.

Why is this a problem? You can create a new certificate. There are some limits, but these are not really critical.

Share your domain name and the commands you have used.

#8

I think the problem is that I do not explain myself well, so just in case I’ll do a little summary. We have our domain caritas-sevilla.org in Siteground, we have a hired hosting and they manage the part of Let’s Encrypt (I can not do any management by console or anything).

I created a virtual machine in Azure with Debian 9 and Moodle 3.6. In Siteground I have configured a subdomain and in the DNS I have put the Azure ip to which you have to point, so I access without problems, but I had trouble not having a certificate, and when I tried to request certificate with Certbot in Debian I said that there was no authorization to generate a certificate. In the C-panel of Siteground I copied the keys of the certificate and created in the corresponding folder of the Debian Certbot the 4 .pem files, I modified the apache configuration telling them the location of those files and now it works correctly. The thing is that Certbot, I think, will not be able to update the keys when the certificate is updated, because they have not been created by him, I have included them by force.

Surely I leave something to comment, but I hope to have explained a little better and to serve.

#9

Creating a different certificate for the subdomain is definitely possible. If you ran into a problem, it can be fixed. It’s not because it’s impossible.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I ran this command:

It produced this output:

My web server is (include version):

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

#10

That’s a problem, there are a lot of reasons possible.

But this

should be impossible. Your cPanel of Siteground doesn’t have access to your Debian system, so it’s not the debian, that answers, instead, it’s the siteground webserver.

DNS and webspace are two different things: I have customers, the define an own subdomain in their dns, that points to my database service. Then I create a Letsencrypt certificate, so this subdomain can use this certificate (instead of the standard certificate *.server-daten.de).

So the customer can use my service with an address like online-database.customerdomain.com.

Your situation is the same. The subdomain is somewhere else, but is independend from your main domain.

#11

Combining these two names in one certificate is making the problem bigger (not smaller).

The easier solution is to separate the certificates: One for each site.
And deal with any problems separately.
If site #1 is working, then remove that from the equation and focus only on site #2.

What is the information related only to site #2 (the one having the problem):
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I ran this command:

It produced this output:

My web server is (include version):

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

#12

Thank you for all your answers.

In some details, I think that my English and my limited ability to explain myself do not help at all, but thanks to things you have said, I clarify ideas. I will try to get back to this before the end of the week, I will update here with what I see or I will ask for help again.

Thank you.

1 Like
#13

Hi.
At last I was able to sit in conditions and I was able to do it well, as you indicated that it could be done, with the option “sudo certbot -d subdomain.example.com --manual --preferred-challenges dns certonly” He asked me to will create in the DNS a TXT with a certain name and value and everything is great.

Thank you very much for the attention you have given me and for worrying about my problem.

3 Likes
closed #14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.