I have a sub-domain - corp.networkingtechnology.org hosted in my office. We have 2 x ML110 HP Proliant G6 servers with ESX 6
I have my own GroupWise 7 mail server, and three Apache virtual servers: techsup.corp..., writing.corp... and music.corp...
We don't really use the networkingtechnology.org domain. The MX record is forwarded to my own mail server and we use an OPNsense Firewall.
My question is:
Can I create SSL certs for my webservers on corp.networkingtechnology.org, or do I have to get HostUpon to install Let's Encrypt and include the corp. subdomain?
Sure, though how you'd go about it would depend on some details you haven't mentioned. Depending on who hosts your DNS, the simplest way to do it might be using DNS validation.
I host my own DNS on windows servers but not on AD servers. We do have 2 x AD servers, but I chose to keep the DNS independent.
The only thing on HostUpon is the domain name; everything else is hosted on corp.networkingtechnology.org, which is in my office.
That way, I can do my own security.
It's certainly possible, but most people coming to this Community run a relatively simple setup, e.g. a single non-virtualised host running Linux and a webserver. Your setup with multiple virtual servers makes it a little bit different, but certainly not impossible.
If all the webservers have their own hostname, you can just get a certificate for that single hostname on that host. So for the Apache hosts you'd have three single certificates, one per host. And if your GroupWise mail server also has its own hostname, you could probably get a certificate for that one too.
If you wish to have a single wildcard cert for all hosts, things get a little bit more difficult, I reckon.
These servers are running over http on CentOS 7. Let us suppose I install the certificates for them right now.
In 6 months' time, if I want to move those web servers over to CentOS 8 on a spanking new server, what happens then? Do the certificates transfer as well, or do I have to create new ones?
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
It's my firewall. We used Smoothwall Express 3.1 for years with no problems, but it seems to have stagnated, so we installed OPNsense. It's been running for two weeks, so no one has been able to access our websites. They work fine from INSIDE the firewall. I just fire up a VPN to test it.
I'm working on a solution. OPNsense is much more complicated than Smoothwall and the OPNsense Forum leaves a lot to be desired. One hardly ever gets a response to a question.
If I can't get it sorted by the weekend, we'll just move back to Smoothwall Express.
I'll get back to you if I still have problems when it's working on the firewall.
OK I got everything fixed. Installed a certificate for corp.networkingtechnology.org. It found my two sites techsup.corp... and writing.corp...
I ran the Qualys SSL test and corp is fine, but the two forums failed and don't have the lock and show as insecure when I go to the site.
Each name needs to be in a cert.
[simplest is to get one cert with all the names on it]
I only see one cert, with one name on it: crt.sh | corp.networkingtechnology.org
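A quick way to confirm what the last two replies say (every hostname you serve has to appear in the certificate, and the one on crt.sh carries a single name) is to compare the names you need against the certificate's Subject Alternative Names. The script below is an added example, not code from this thread or from Certbot; the hostnames in it are constructed stand-ins (corp.example.org and three subdomains), not the poster's real names. It implements the usual DNS-ID matching rules, including the wildcard rule the earlier reply alluded to: `*.corp.example.org` covers `techsup.corp.example.org` but not `corp.example.org` itself and not a name with two extra labels.

```python
import socket
import ssl
from typing import Iterable, List, Sequence


def hostname_matches(hostname: str, san_entry: str) -> bool:
    """Return True if a DNS SAN entry covers hostname.

    Exact matches are case-insensitive. A wildcard is honoured only when it
    is the entire leftmost label ("*.corp.example.org") and it matches
    exactly one label, so it never covers the bare parent name or a name
    with an extra level of subdomain. Partial wildcards ("te*.corp...")
    are treated as non-matching.
    """
    host = hostname.lower().rstrip(".")
    pattern = san_entry.lower().rstrip(".")
    if "*" not in pattern:
        return host == pattern
    first, _, rest = pattern.partition(".")
    if first != "*" or not rest:
        return False  # wildcard must be the whole leftmost label
    host_first, _, host_rest = host.partition(".")
    return bool(host_first) and host_rest == rest


def uncovered_names(required: Iterable[str], san_names: Sequence[str]) -> List[str]:
    """Hostnames from `required` that no SAN entry in the certificate covers."""
    return [h for h in required if not any(hostname_matches(h, s) for s in san_names)]


def fetch_san_names(host: str, port: int = 443) -> List[str]:
    """Fetch the DNS SAN entries of the certificate a live server presents.

    check_hostname is disabled (chain validation stays on) so that a
    certificate issued for the wrong name can still be inspected instead
    of aborting the handshake. Needs network access; not used by the
    offline demonstration below.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


# Constructed data: the names the three Apache sites and the parent host need,
# and the single-name SAN list that a certificate like the one on crt.sh has.
REQUIRED_HOSTS = [
    "corp.example.org",
    "techsup.corp.example.org",
    "writing.corp.example.org",
    "music.corp.example.org",
]
OBSERVED_SAN = ["corp.example.org"]

if __name__ == "__main__":
    missing = uncovered_names(REQUIRED_HOSTS, OBSERVED_SAN)
    print("not covered by the certificate:", missing)
```

Run stand-alone, the script reports the three subdomain names as uncovered, which is exactly why those sites show as insecure while the parent name passes the SSL test. Adding the names to a single certificate (repeated `-d` options to certbot) or issuing one certificate per hostname both make `uncovered_names` return an empty list.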