Sub-Domain and Directory Planning


#1

Hello,

I am going to install Let’s Encrypt on cPanel for the first time. My WordPress website is in development. Hence, I haven’t created all of my web page URLs. I would like more information about securing sub-domains and additional web page URLs with Let’s Encrypt.

  1. If I secure “www.example.com” and “example.com” will Let’s Encrypt consider I may have a forward slash after the TLD or do I need to secure each URL separately?

i.e.
www.example.com/page1.html
www.example.com/page2/new
www.example.com/page3.html

  1. Is it easier to secure new sub-domains with Let’s Encrypt the second time if I create new pages on the fly that share the same domain?

i.e.

blog.example.com
about.example.com

  1. Is it better to secure all sub-domains and filenames the first time you use Let’s Encrypt to secure your website?

  2. How long on average should it take to finish securing my website with Let’s Encrypt with 10 pages or less that share 1 domain?

Thanks,
Brody


#2

If the pages share the same domain (www.example.com/*), they will all be covered by the same certificate. However, if you change the domain or sub-domain (www.example.org or someotherthing.example.com), you will need to get a new certificate that covers those additional names. While you’re developing your site, it may be useful to consider all the domains/sub-domains you’ll need to secure so you don’t bump up against the Let’s Encrypt rate limits. I’d say securing www and the root (non-www) domains of your site is probably a good place to start. Regarding your question about renewing/adding additional domains, it’s pretty simple if all your domains point to the same server; all you have to do is request a new certificate using whatever ACME client you’re using.


#3

Thanks for your response koluke. It is very helpful. Here is my understanding and some questions please.

  1. Anything after .com/* with the same domain is covered by the same cert
  2. Different domain’s or sub-domain’s need a different cert. – Is there a way I can have all of my URLs that use the same domain and have sub-domains use the same cert?
  3. Where can I find more info about rate limits?

Cheers
BJ


#4
  1. Yes, everything with the same host name is covered by the same certificate. Everything after the / is the path part of the URL
  2. Not quite, but every host must have a certificate that is valid for that specific host name. One certificate can have multiple hostnames (one of the most common would be www.example.com and example.com). Let’s Encrypt lets you request up to 100 hostnames (this means unique subdomains and domains) per certificate.
  3. For rate limits, see https://letsencrypt.org/docs/rate-limits/

#5

Thanks koluke. You have answered my questions. I appreciate your help.

Cheers
BJ


#6

koluke, I just thought of something that I needed clarification on. If you can kindly help me please.

Since everything after the / is covered by the same certificate, does it mean I don’t have to manually enter anything with “/” i.e. example.com/directory during setup?

But I would have to enter:

www.example.com
example.com
subdomain.example.com


#7

Correct. in the first case you would just need a cert for example.com so only need to specify the one. in the second case you would need a cert for all 3 domains, so would need to specify all 3.

If you are doing this on the latest version of cpanel, with autossl, then it hould be able to handle all this automatically for you.


#8

Thanks serverco. I need to check what version of cPanel I am using. I am with GoDaddy, shared hosting plan. According to your response, in the 2 cases you explained, does that mean I will have 2 different certificates? What does autossl do and can you please point me the steps for this so that I can set it up?

I am planning to use the below steps. Does this include autossl?

https://isabelcastillo.com/lets-encrypt-ssl-certificate-godaddy-shared-cpanel

Cheers
BJ


#9

Those instructions don’t include autossl, no. AutoSSL is a function built into cpanel - https://blog.cpanel.com/announcing-cpanel-whms-official-lets-encrypt-with-autossl-plugin/ but I have no idea if that is enabled on your account or not. I suspect with a google shared hosting plan it isn’t. If it was, then you have to tick one box just once, and then everything is automatically done for you, forever.


#10

Thank serverco. I will read that article then figure out how to enable AutoSSL. Thanks again.


#11

AutoSSL needs to be enabled first by your web host.


#12

Ok. I need to find out how to enable autoSSL. Do you have any documentation about this? If not, I will Google it.

Cheers
Brody


#13

unless you have root access - your web host needs to enable it.

The instructions are in the link (in my post) above.


#14

Cheers servero. I will do just that


#15

serverco, question for you please. Is root access and SSH access the same thing?

Cheers,
Brody


#16

No.

SSH is a secure method of accessing your server (text based command line)

root is related to permissions. as a root user you have permission to do everything, as in individual user you have limited access. You would only get root access if it’s your server (i.e. a dedicated or VPS, not a ‘shared’ server )


#17

I understand now. Thanks for explaining serverco.

Brody


#18

We could also say that, if you have root access, you almost certainly have ssh access (because ssh is likely how you would log in to administer the server). But if you have ssh access, you don’t necessarily have root access (because your access could be as a non-administrative user).


#19

Cheers @schoen. I learned this the hard way


#20

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.