Is this error from visiting using a device inside or outside the on prem network?
From outside and inside my network. Same error
1 Like
Not an in-between firewall issue then.
Firewall on that server for port 443? Or port 443 closed completely?
On prem server, port 443 is open.
On my plesk
Domain is secured
Domain with the "www" prefix is not secured
Is there any connection with my on prem Virtual Host configuration?
1 Like
Almost certainly. What webserver software do you use? (nginx, apache, ?)
I'm assuming that domain.com and www.domain.com are supposed to be the same website. Does your certificate for domain.com not also have www.domain.com on it?
I'm using apache. Do you have a template for the virtual host for httpd.conf? I'm currently looking online but see different format
I configured same cert for my subdomainB and www.subdomainB
1 Like
Why would you need or want www. for a subdomain?
Honestly I don't know. I'm new to this kind of setup. I'm just following any tutorials and asking questions. I'm trying to cope up along the way.
Because of my ignorance, I hit the ssl renewal for today. What a disappointment.
1 Like
If subdomain b is on a separate machine from the main domain, it should have its own certificate. Only the website for the main domain (usually) would include the www. subdomain. You might be able to renew the expiring certificate even if the subdomain website is malfunctioning.
Also sometimes an sub-organization or project within an organization, like https://www.cs.utexas.edu/ for the computer science department at the University of Texas. I think it's less common when the subdomain is descriptive of a particular Internet service or kind of service (like forum or mail), and more common when the subdomain is descriptive of an organization (like https://www.fire.ca.gov/ for the Cal Fire agency within the State of California government).
1 Like
Makes sense. In my view, www is a relic that only makes the address longer and dilutes branding, which is why I opted for using "bare" domains a while back.
when I visit my subdomainB, it redirects me to https://subdomainB but still got an error connection refused.
Do I need to re-upload my cert files on plesk everytime I run certbot --apache?
Do I need to run cerbot --apache everytime I edit my httpd.conf file?
1 Like
According to plesk's own documentation, you need to create a crontab that runs certbot renew every day to keep your certificates from expiring.
Are you saying that you have a redirect from https://subdomainB.maindomain.tld to https://subdomainB?
If you're using certbot, you don't need to upload anything into plesk.
No. The main "certificate installation" only needs to be done the first time you acquire a certificate with certbot. Every time after that, certbot only updates some symlinks then restarts apache.
You might want to read through the plesk documentation that follows, especially the How to make and update Let’s Encrypt free SSL certificates with Plesk section that demonstrates how to use plesk to acquire your certificates and keep them renewed.
The redirect is already fine. I am just confused.
So far, this is what I've done on my on prem server
Successfully install Letsencrypt / certbot
Create a virtual host
On my web provider plesk
Pointed A Record subdomainB.maindomain.tld to my public IP which is port forwarded tomy on prem web server.
Created a ssl / tls, uploaded my .pem files from on prem server to web provider plesk
Assigned the cert to my subdomainB.maindomain.tld
1 Like
Keep in mind on which server plesk is operating. Usually a control panel is connected to a hosting account. Since the website for subdomain B is probably hosted on your organization's server (and therfore not hosted on your hosting provider's server), you would need to install the certificate for subdomain B on your organization's server.
In short, you want to install a certificate on the server(s) that will actually be serving the content for the website associated with the domain/subdomain name on the certificate.
I already installed a cert for our organization to be used by subdomainB. I also pointed A record of subdomainB to my public ip
The cert that I need to install on my on prem server is the cert that I generated on prem right?
1 Like
Did you install the certificate for subdomain B on the server inside your network or on the server of your hosting provider (outside of your network) by using plesk? I'm assuming you don't have plesk installed on the server inside your network.
I install the cert inside my network for my on prem web server. I also uploaded the certificate on my web provider plesk.
I dont have plesk install on my network.
1 Like
That's the part that does not make sense to me. I believe here that plesk only manages the hosting on the server owned by your provider and does not manage the hosting on the server owned by your organization. Thus, uploading the certificate of subdomain B to plesk would not accomplish anything.