Utilizing DNS Certificate With A Redirect

My domain is:
*.haveibeenexploited.com

I ran this command:

  1. I enabled, successfully, a DNS cert for my website.
  2. I then put https://haveibeenexploited.com in my browser

It produced this output:
NET::ERR_CERT_COMMON_NAME_INVALID

My web server is (include version):
A Google Cloud compute instance (free-tier) with public IP address 35.212.220.106.
The operating system my web server runs on is (include version):
Ubuntu 18.04.3 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no…?

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.2.0

Other Thoughts
Since I am running this website off of a compute engine, I wanted to redirect my name – haveibeenexploited – to the IP address and serve my website there. This works, but I am getting the error mentioned, I think, because my cert is not for public IP address 35.212.220.106, but is for *.haveibeenexploited.com

Is there a way to make this error go away and provide HTTPS encryption for my website?

1 Like

You don’t need to redirect your domain name.
Just make an virtualhost with the domain on your server, and point your domain to the server.
You’ll be able to use the certificate directly with your domain.

P.S. This means, set A record for your domain to 35.212.220.106 instead of using the current redirection service.

1 Like

Thanks for the QUICK reply Steven.

This is somewhat new to me, so I have a few questions if you have the time:

  1. Is Apache a virtualhost? I am using React to serve the website on port 80 or 8080 right now, I believe.
  2. I would create a website on there like www.haveibeenexploited.com?

I created the certificate on a different machine, but this should be okay, right?

1 Like

Yes, Apache is a web server. If you are using React, you can either use React’s https support or use Apache as an Proxy to your React.

Using Apache to proxy might be better in your case, the basic steps:

  1. Edit the ports for port 80 (on React) to another port.
  2. Setup Apache to Listen on port 80 and 443, then setup proxy virtualhost to your server.

Yes, you should create a virtualhost with at least www.haveibeenexploited.com and haveibeenexploited.com.

It’s ok, but it’s better to create the certificate with the server, so the certificate process can be fully automated.

Thank you

1 Like

Thank you so much! I will try everything you said. Also, the A record works great.

I got it working without the Apache server, but I think that it is going to be best to do what you suggested since the way is kind of hardcoded with certificates.

Again, thanks so much for your help! Probably the best help I’ve ever gotten online!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.