My domain is: smilinggardener.com
My web server is (include version): Apache
The operating system my web server runs on is (include version): Linux
My hosting provider, if applicable, is: KnownHost
I can login to a root shell on my machine (yes or no, or I don’t know): Yes, I’m fairly sure
I’m using a control panel to manage my site: cpanel
The version of my client is: Don’t have one yet
Where’s the best place to hire someone to create and install an SSL certificate for me? I can’t quite get my head around it (I have multiple subdomains that resolve to S3/Cloudfront/KeyCDN, so AutoSSL can’t do it for me).
I’ve used Upwork for other development tasks before but I feel a bit sheepish about giving root access - is that a valid concern or should I go for it? Thanks!!
It’s probably a valid concern, since giving out SSH access are pretty dangerous.
What do you want to achieve? Certificate for your main website?
You don’t need to use one single certificate for all hosts (servers), so use AutoSSL when available.
You could get certificates for your subdomains (on cdn) automatically…
It’s actually simpler than it seems. If you can post more details, I might be able to help you. Also, if you set up automatic renewal, you will not need to worry about certificates in the future.
Yes, you should hire only someone you trust, preferably sign an actual contract and not just have a verbal agreement. It might be cheaper to instead of hiring anyone to just use a managed hosting (Let’s Encrypt certificates usually come for free).
Thanks @stevenzhu and @bershanskiy. Perhaps I should try myself first.
Currently, I’m using AutoSSL, but it only covers my main domain. I want to cover 3 additional subdomains.
Apparently, AutoSSL can create multiple-domain SSL certificates, but only for subdomains that resolve to the same IP. Since my subdomains resolve to other places (Amazon S3, Cloudfront, and KeyCDN), I need to do this myself.
I read on the Let’s Encrypt website that, when you only have a few subdomains, multiple-domain SSLs are a little better than wildcards, so I was thinking of going with that, but I don’t really know if that’s best.
One more challenge. I’m currently running the site through Cloudflare and I want to stop that. That’s actually why I need the multiple-domain SSL - Cloudflare was handling it for me before, but without Cloudflare, I need to manage SSL for those subdomains myself.
I’ve gone into WHM and turned on root access for this domain, but I’ve never done anything in root so I’m a little worried about messing something up.
First of all, is there any subdomain (or resources) you want to cover (that’s not covered in AutoSSL) not run on a CDN (or S3)?
If you use CDN (CloudFront and KeyCDN), those CDN would auomatically apply a certificate to your domain. (KeyCDN use Let’s Encrypt, CloudFront use AWS ACM).
S3 can be connected with AWS ACM, so you won’t need to cover those subdomains (hosts) with a certificate you managed (especially because you need to update the certificate every two months)
The main domain, as you mentioned, is covered by AutoSSL, so no need for a certificate.
Running commands in root is equivalent to executing programs with “administrator privileges” in Windows. Just make sure you follow a trustworthy guide and understand what you are doing and you’ll be fine. You are welcome to ask any questions here, of course.
Is this the desired configuration? It might be easier for you (logistically) to use the same hosting provider for everything. FYI, if you don’t get much traffic, you can host all domains on the same VM (along side or in docker) and, may be, even save money.
Wow, this is such a helpful community!!
Okay, I went ahead and turned off Cloudflare (i.e. pointed my nameservers back at my host instead of Cloudflare) to see what would happen.
If you use CDN (CloudFront and KeyCDN), those CDN would automatically apply a certificate to your domain.
@stevenzhu so far, KeyCDN is still working (but I’m not sure if the new nameservers are fully in effect yet), but Cloudfront isn’t. I store my images in S3 and serve them from Cloudfront, so all of my images are now down.
I wonder if the problem is that I use an alias (CNAME)? Here’s an example file and the browser says it’s insecure ( https://media.smilinggardener.com/files/images/phil.jpg ). Any thoughts?
Fixed! I followed these instructions ( https://deliciousbrains.com/wp-offload-media/doc/custom-domain-https-cloudfront/ ) to create an SSL in the AWS Certificate Manager.
We just lost our IT guy and our Google DSN SSL certificate is about to expire in a few days. We aren’t really tech people ourselves, as we have been trying to figure out how to do it ourselves, and we’re afraid to find someone new willy nilly as we have had difficult experiences in the past with the people we have hired and we are worried about the security of our website.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.