Total certificates


#1

Hello,

i have one problem and i want to know how to fix.

My first question is is the total of 100 CSR for the complete server or only for domainnames with their domainaliassen. Because i have one site idfoto.nl and this page has 140 stores in our country. Every store has his own domain and information is available in the site idfoto.nl

So when a specific store is found it opens the overall site store from this city.

I have tried first with 50 domainnames and then i have already the problem with more then 100 CSR thats why i want to know if this is the total account for a server.

Second is it possible to make an SSL certificate for all these names (140 CSR) if not is it possible to install 2 certificates from let’s encrypt on 1 site.

I hope it is possible that i can use 140 csr so that i only have to do this once.

regards Albert


#2

Hi @albertje

are these subdomains of idfoto.nl? Or own domains? If these are subdomains, you can use a wildcard certificate.

There is no limit of 100 certificate signing requests.

You can create one certificate with max. 100 domain names.

What does this mean? Has every store his own vHost? Every vHost can use an own certificate.


#3

I’m still trying to grasp what the topicstarter exactly needs/wants. I.e., a more detailed layout of the domain names.

As for a simpel answer: a single certificate can hold up to 100 SAN FQDNs. This can be any combination of “normal” hostnames and/or wildcard including hostnames. These certificates are not limited to a server nor limited to a specific TLS speaking daemon.


#4

Hello,

i try to explain.

there is one website idfoto.nl

  in this website there are a lot of stores. I call them in this example  losangeles, newyork, miami

  these have an url is this case idfoto.nl/miami  idfoto.nl/losangeles  idfoto.nl/newyork

  i registered these domainnames  miami.com  losangeles.com and newyork.com

I called these domainnames domainaliassen.

I htaccess i let them open their own path.

RewriteCond %{HTTP_HOST} ^(www.)?miami.com$ [NC]

  RewriteCond %{REQUEST_URI} ^/$

  RewriteRule ^(.*)$ [R=302,L]

  when i go to miami.com it opens the store idfoto.nl/miami but the browser still is displaying miami.com/miami

Example you can check idfoto.nl you see the complete site.

  check pasfotogemert.nl and you see the same site. Frontpage is gemert and all other links are still working with pasfotogemert.nl

i hope this is a bit better explanation.

regards Albert


#5

Hi Juergen auer, first WOW for the fast reply. Really fast. It are no subdomains but own domains. With an htacces script the get their own page from their store. So wildcard is not working.


#6

Could you please use the real domain names? Obviously, losangeles.com isn’t registered by you and isn’t a copy of idfoto.nl.

In any case, you have multiple options as I see it:

  • get every separate domain name its own certificate with the base domain name and the www. subdomain and put it in its own separate virtualhost of the webserver
  • put everything in a single certificate and use two or more certificates if you have more than 50 (the half of 100 b/c of the www. subdomain counts as a separate FQDN and thus to the total of 100) domain names. If you use 2 or more certificate, I think you’ll need to put those in a separate virtualhost. As far as I know, webservers don’t like multiple certificates with different domain names in a single virtualhost.

Wildcards doesn’t seem to work, as every domain is a standalone domain name, not a subdomain of idfoto.nl


#7

Checking

https://pasfotogemert.nl/pasfoto-gemert/

looks like a completely independent site. Has this site it’s own vHost?

If yes, you can create one certificate with max. two domain names:

pasfotogemert.nl
www.pasfotogemert.nl

and use this certificate by this vHost.

So you can add domains as much as you want. And you don’t need one certificate with 50 or 100 domain names.


#8

Hello Juergen,

what you are telling is not working.

  Is it possible i sent you a small video what happens and explanation how have build this site.

(i will sent with wetransfer is it is OK)

regards Albert


#9

Then explain it. In this forum. A lot of different users have a lot of different know how. More then these things I know.


#10

Hello i sent you wetranfer link.

video try to explain the problem.

but i had a solution.

  i copied idfoto.nl to id-foto.nl and in this copy they see idfoto.nl in htaccess.

so i have added 90 domainnames to idfoto.nl

and the other to id-foto.nl

regards albert

  (i try always to fuind something but maybe there was an other solution)

#11

From what you’ve described so far, it sounds like all of your sites reside under a single Apache VHost. Apache only allows you to use one certificate per VHost, so if you have more that 100 sites that won’t work. You’ll need to significantly redesign your Apache config so it has one site per VHost, then issue and install a certificate for each site.


#12

@albertje Is 't misschien handiger om je situatie en probleem in het Nederlands uit te leggen? Want zoals ik eerder al schreef, snap ik nog niet zo goed hoe het e.e.a. in elkaar zit. Wellicht is het ook handig om je Apache-configuratie hier te plaatsen, graag binnen de “code-tag” plaatsen met het “</>”-knopje in de balk van het reply-venster.


#13

Hallo Osiris,

  heel fijn dat het in het NEderlands kan, maar ik heb inmiddels een oplossing gevonden.

Wat was het probleem.

  er is 1 hoofdsite en deze site heeft allemaal winkels. Maar de winkels maken dus gebruik van de hoofdsite.

  middels htaccess heb ik het zo gemaakt dat de winkel in feite de eigen site ziet maar niets van de andere winkels.

ik kan alles met htaccess zo instellen en het zijn er 130.

  Echter SSL werkt maar tot 100 en dus zou ik nog steeds winkels hebben zonder ssl

  Ik heb dit nu opgelost door de site te clonen en de winkels verdeeld. NB maken ze nog allemaal dezelfde verbinding met de winkel.

Ik heb nu dus alle winkels SSL

Dank je wel overigens voor het behulpzaam zijn.

mvgr Albert