Two domains, should I have one or two SSL certs?


#1

I have 2 domains, domain1.com (company) and domain2.com (one of the products of the company, a SaaS).

Should I use one SSL certificate for both domains or have two separate SSL certificates, one for each domain?

domain1.com is not a redirect for domain2.com or vice versa.


#2

It depends whether they are the same virtualhost within your web server.

If they are the same virtualhost, then you should generally put both of the names on the same certificate.

If they are on separate virtual hosts, then you can have them together or separate, it’s a totally aesthetic choice, besides having to issue/renew two separate certificates.


#3

I’m using a shared hosting plan (Bluehost) with a dedicated IP address. What do you recommend in this case?


#4

That’s not sufficient to answer the question, it depends how the domains are managed within the web server. What type of shared hosting is it? cPanel?

Alias/Parked domain = put them on the same certificate
Addon Domain = do whatever you want/is easier/is more aesthetic

If in doubt, you can put them together and not worry about it.


#5

cPanel + shell access (but not root). Both are addon domains.

In the case I decide for one cert, in the letsencrypt utility should I specify 4 entries?
domain1.io, www.domain1.io, domain2.io, www.domain2.io


#6

Yes, that would be exactly right.

If you did use one certificate, the only potential downside is that people would be able to see all of the names together if they went in and inspected the certificate details (which nobody really ever does anyway). Since your company and your SaaS are probably already publicly associated, I can’t imagine it’s a huge problem.

It will, however, halve the amount of work you need to do every 60-90 days, if you are manually renewing the certificate for these domains, so it seems like a sensible choice.


#7

Thanks!

But I got confused, do I need to renew them every 60-90 days?
Sorry for the newbie questions, I haven’t done this before.


#8

Let’s Encrypt certificates only have a duration of 90 days.

What you need to do depends on how you got the certificate. If you plan to manually issue certificates using some kind of a tool/website and then upload them to Bluehost cPanel, then yes, you’d need to renew them by hand that often.

Usually Let’s Encrypt is meant to be used in an automated way - e.g. Bluehost integrates it and it automatically renews for you. However this isn’t always the case because hosts don’t always support free/automatic SSL, so you’re stuck doing things manually 🙁.

If you can link your domain or what cPanel server you are hosted on, I can check if it has AutoSSL enabled (a cPanel feature for free automatic SSL).

Also, here’s a big thread of hosting providers that integrate Let’s Encrypt, but Bluehost isn’t there.
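
Added example (not from any poster in this thread): a check that a single certificate covers all four names from post #5 and flags it for renewal before the 90-day lifetime runs out. The function names, the 30-day renewal threshold and the sample certificate data are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_BEFORE_DAYS = 30  # assumption: renew with a third of the 90-day lifetime left


def name_matches(pattern, host):
    """Match one SAN dNSName against a host; '*' may only be the whole leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    # A wildcard covers exactly one label: *.domain1.io matches www.domain1.io, not domain1.io
    head, _, rest = host.partition(".")
    return bool(head) and rest == pattern[2:]


def audit(cert, wanted, now=None):
    """Report SAN coverage and remaining lifetime; cert is a getpeercert()-style dict."""
    now = now or datetime.now(timezone.utc)
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    missing = [h for h in wanted if not any(name_matches(s, h) for s in sans)]
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = (datetime.fromtimestamp(not_after, timezone.utc) - now).days
    return {"sans": sans, "missing": missing, "days_left": days_left,
            "renew_now": days_left < RENEW_BEFORE_DAYS}


def fetch_cert(host, port=443):
    """Fetch the validated leaf certificate a live server presents for `host` (sends SNI)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample in getpeercert() form: 90-day validity, one of the four names forgotten
SAMPLE = {
    "subjectAltName": (("DNS", "domain1.io"), ("DNS", "www.domain1.io"),
                       ("DNS", "domain2.io")),
    "notAfter": "Mar 31 00:00:00 2024 GMT",
}
WANTED = ["domain1.io", "www.domain1.io", "domain2.io", "www.domain2.io"]

if __name__ == "__main__":
    print(audit(SAMPLE, WANTED, now=datetime(2024, 3, 10, tzinfo=timezone.utc)))
```

Against a live site, pass `fetch_cert(name)` to `audit` once per name, since each addon domain may be served its own certificate via SNI.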


#9

From what I read on their website, I have to ask them to install the cert once it’s generated.
https://my.bluehost.com/hosting/help/204

So I would have to ask them to upload a new cert every 90 days?

Is there a way to check for AutoSSL myself? I don’t want to list the domains publicly yet.


#10

Yes. If it was me I’d bail to another host.

From the UI, I’m not sure. I use a combination of Robtex, crt.sh and some tricks with how cPanel works to see how certificates for domains on a cPanel server were issued.

However, given that you have to email Bluehost to install a certificate, I would strongly suspect that the answer is that AutoSSL is not available.


#11

Do you have a specific host to recommend?


#12

No, I don’t know much about US-based hosting, sorry. You could check out the thread of hosting providers I linked to a couple of posts back.

“Most” cPanel hosts will have AutoSSL enabled (even if they’re not listed in that thread), since it is enabled by default. It’s a good question to ask pre-sales when signing up to any host.

Also consider that it may be a better investment for you to just pay up for a 1-3 year duration certificate from a commercial CA, have Bluehost install it and not worry about the problem for a while - totally up to you.


#13

Try to get a VPS, it might be useful if you can manage it.


#14

Any particular one recommended? Linode or DigitalOcean?


#15

Sorry for the late response. I use DigitalOcean. If you get a referral link, I think you get $10 free credit. Also, if you want to go cheaper, Ramnode is an option.


#16

I always do this when visiting websites XD
When I visit a website, I always watch the certificate chain, the type of certificate (e.g. DV), the common name, the issuer, etc.!

