SP and I struggling with certs

Good day

I have a service provider that hosts a website on my behalf. It is a paid for service and they use LetsEncrypt certs for all the servers they host for me. But, I recently built a service that I want to host on premises. From what I understand they don’t use wildcard certificates. So the situation is as follows:

They host a server with address mydomain.co.za. The service I built has a DNS CNAME entry in my management portal and the service is reachable from the internet. So if I type myservice.mydomain.co.za in a browser, I can successfully access my service. I need to SSL my service, but I am not sure how to go about it now. I don’t have the finances for wildcard certs etc.
Could someone please help me understand what I need to do in order to get my service secured? Can I apply for a LetsEncrypt cert for myservice.mydomain.co.za only, or how does this work? Sorry, I am very new to this.
Any help will be greatly appreciated!

1 Like

Hi @hanserasmus,

You might like to take a look at these resources that try to introduce Let’s Encrypt services:


Just to clarify, Let’s Encrypt does offer wildcard certificates, which are also free of charge, but are more technically difficult to obtain in some hosting configurations.

You can get a Let’s Encrypt certificate for just myservice.mydomain.co.za and no other names. The CNAME is OK because the validation process both from the certificate authority and from web browsers will follow CNAME indirection automatically. The best way of doing this depends on the software environment of that server—what kind of software are you using to run your service?

(The intended way to use Let’s Encrypt is generally to run Let’s Encrypt client applications on your server, which handle the process of proving your control over the domain name, requesting the certificate, sometimes installing the certificate on the server, and renewing the certificate in the future before it expires. But the details of which of these client applications are potentially relevant to you will depend a whole lot on your server environment.)

1 Like

Dear @schoen

Thank you SO much for the prompt response.

The service is hosted on a CentOS 7 machine, on which I run HAProxy. This is the only public-facing machine, and it front-ends two Apache-based services, a private cloud and a document editing service. I can create the cert on the HAProxy as the intention is to have SSL terminated on HAProxy.

I will then start with those resources and try to get a certificate for JUST myservice.mydomain.co.za.
Thank you again!
Hans

1 Like
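
One way to carry out what the replies above describe (a certificate for only myservice.mydomain.co.za, with TLS terminated on HAProxy), as an added example that is not part of the thread. It assumes certbot as the Let's Encrypt client; port 8888, the /etc/haproxy/certs directory and the HAProxy fragment in the comments are assumptions, not the poster's actual setup.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Values marked ASSUMED are illustrative.
set -eu

DOMAIN="myservice.mydomain.co.za"     # the single name from the thread
ACME_PORT=8888                         # ASSUMED local port for certbot's temporary listener
HAPROXY_CERT_DIR="${HAPROXY_CERT_DIR:-/etc/haproxy/certs}"   # ASSUMED directory

# ASSUMED haproxy.cfg fragment this script relies on:
#   frontend http_in
#       bind :80
#       acl is_acme path_beg /.well-known/acme-challenge/
#       use_backend certbot if is_acme
#   backend certbot
#       server local 127.0.0.1:8888
#   frontend https_in
#       bind :443 ssl crt /etc/haproxy/certs/

# HAProxy reads the certificate chain and the private key from one PEM file,
# so join certbot's fullchain.pem and privkey.pem for the given lineage.
build_haproxy_pem() {
    local lineage="$1" out_dir="$2" name tmp
    name="$(basename "$lineage")"
    [ -s "$lineage/fullchain.pem" ] && [ -s "$lineage/privkey.pem" ] || {
        echo "missing fullchain.pem or privkey.pem in $lineage" >&2
        return 1
    }
    mkdir -p "$out_dir"
    tmp="$(mktemp "$out_dir/.${name}.XXXXXX")"
    chmod 600 "$tmp"                   # the bundle contains the private key
    cat "$lineage/fullchain.pem" "$lineage/privkey.pem" > "$tmp"
    mv -f "$tmp" "$out_dir/$name.pem"  # rename so HAProxy never reads a half-written file
}

# Ask for a certificate covering only $DOMAIN. HAProxy keeps port 80 and
# forwards the HTTP-01 challenge path to certbot's listener on $ACME_PORT.
request_cert() {
    certbot certonly --standalone --http-01-port "$ACME_PORT" \
        -d "$DOMAIN" --deploy-hook "$(readlink -f "$0") deploy"
}

case "${1:-}" in
    issue)  request_cert ;;
    # certbot sets RENEWED_LINEAGE when it runs the deploy hook
    deploy) build_haproxy_pem "$RENEWED_LINEAGE" "$HAPROXY_CERT_DIR"
            systemctl reload haproxy ;;
esac
```

Run it once with the `issue` argument; later renewals by certbot call the same script with `deploy`, which rebuilds the bundle and reloads HAProxy.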
