Aliasdomains - ssl certificate

Discussion in 'Installation/Configuration' started by Mijosek, Jan 5, 2017.

  1. Mijosek

    Mijosek New Member

    I need set-up ssl certificate for my alias domain.
    Now I a have one website example.com (this is website with a content - magento eshop)
    second website example.eu (this is aliasdomain for example.com).
    Request sent to example.eu ends in directory(website) of example.com then is request rewrited to folder in directory (com, eu, etc.)
    When i open in Web Browser domain example.com in address bar i see example.com
    When i open in Web Browser domain example.eu in address bar i see example.eu

    I need to find solution for setting-up ssl certificate for both domains (.eu .com)
    I have two signed and valid certificate for both domains (.eu .com)

    thankyou very much

    Mijo
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You need a multidomain ssl cert that includes both domains cin that case as a vhost in apache and nginx can never have more than one ssl cert. E.g. when you use Letsencrypt in ISPConfig, then ISPCOnfig creates a multidomain ssl cert automatically which includes all alias domains and if you get a cert from an external ssl authority, then you have to ask them for a multidomains ssl cert as well which contains the website domain and alias domain.
     
  3. c3n

    c3n New Member

    Hello, do I understand corrrectly? that when I enable multisite setup for Presta, Wordpress (one folder WEB is for several domains) and make main domain.com as website added in ISP3... and make all other domains to this domain.com aliased... than when Let's Encrypt is enabled all my domains (main and aliased) will have proper SSL cert?

    So when user enter domain2.com which is in multistore Presta setup everything with SSL will be ok even if there is no ISP3 setup for SSL for domain2.com?

    I am asking because in Direct Admin for example all domains have own setup for SSL... You can setup multidomains there by apache directives or pointing domain to specific folder.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    yes
     
  5. c3n

    c3n New Member

    Thanks for reply.
    I've setup multidomain and is working like charm... all certificates are generated by LE in ./ssl
    but while accessing other domain2.com server sends SSL for main-domain.com even if there is proper certificate for that domain2.com in ../ssl
    Do I have to add manually some directives to force proper SSL? I tried also to add comodo SSL for each of those domains but stuck on the same problem... server sending certificate to main domain.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    This is a multi-domain SSL cert, so this one cert contains all domains. As long as the browser does not show a red warning about an invalid SSL cert, then it is working correctly.
     
  7. c3n

    c3n New Member

    STEP 1 - made one certificate for main-domain.com and after this i checked - works ok, checked for domain2.com - warning. (the only is CN = main-domain.com)
    STEP 2 - So in ISPconfig panel SSL section I created SSL for *.domain2.com --> it is in folder ssl but still main-domain.com is sent.
    My question is - I understand that STEP 2 is wrong so how can I rollback and try to roll back STEP 2 and STEP 1 and clear all certs and re-create main-domain.com via LE again?

    Sorry to bother but it is crucial for me because I moved 8 domains for e-commerce presta and only main-domain.com has properly generated SSL. I've got COmodo SSL for each domain, but can forget about them and use LE if it will be working as expected.
     
  8. c3n

    c3n New Member

    I already removed all issued LE certificates for aliased domain... selected domain and DELETE SSL. After this I cleared (deleted via ISP panel) main SSL. Wait and recreated SSL for *.main-domain.com -- still CN is for two domains www.main-domain.com and main-domain.com -- all other aliased domains missing.
     
  9. Jesse Norell

    Jesse Norell Well-Known Member

    Letsencrypt doesn't support wildcard domains, is that what you mean by '*.main-domain.com' ?
     
  10. c3n

    c3n New Member

    I meant multidomain so one certificate is delivered for CN=
    main-domain.com
    www.main-domain.com
    domain2.com
    www.domain2.com
    etc.
    I used *.main-domain.com to show how I generate first certificate via ISPconfig Panel in Web config.
    I thought and maybe misunderstood that when I setup main-domain.com and alias 5 other domains and enable LE. Than I will get properly delivered LE multidomain certificate so all multidomain CMS websites can use it. Now vhost limitations is that one certificate is send and propably (i dont know for sure) I cannot have LE multidomain SSL via ISPconfig... so I will have to bought another certifiacate Multidomain for about 150 USD... :)
     
  11. Jesse Norell

    Jesse Norell Well-Known Member

    That is correct, all your aliased domains/subdomains will be added to the LE certificate. As that seems to not be happening, check DNS for all the names your trying to add and make sure they point to the right ip addr. Also note the auto-subdomain setting, as if it's enabled (defaults to www), you'll need do make sure that subdomain is in DNS as well.
     
  12. c3n

    c3n New Member

    many thanks for answer. Propably it is DNS problem because before creating LE SSL I changed several hours earlier A records (www and non-www to migrate website earlier than e-mail server) for domains and maybe I created that LE certificate too fast. I will double check it, try to purge and reisue LE SSL again and post solution within 2-3 days.
     
  13. c3n

    c3n New Member

    Update:
    all domains pointed to server, checked
    cleared all LE certificates, done
    create main-domain.com LE certificate, done
    checking other-domain.com with the same error, there is only two CN delivered with certificate main-domain.com and www.main-domain.com

    I will try to purge LE certificates manually from server and try to create from scratch.

    BTW while creating LE certificate got admin email:
    12.06.2017-10:12 - WARNING - Falsche Anfrage / Wrong QuerySQL-Query = REPLACE INTO `web_domain` (`domain_id`,`sys_userid`,`sys_groupid`,`sys_perm_user`,`sys_perm_group`,`sys_perm_other`,`server_id`,`ip_address`,
    [...]
    -> 1054 (Unknown column 'log_retention' in 'field list')
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    Please run this SQL query in the dbispconfig database to fix the issue:

    ALTER TABLE `web_domain` ADD `log_retention` INT NOT NULL DEFAULT '30' ;
     
  15. c3n

    c3n New Member

    thanks it worked...
    I noticed in web_domain that there is one single OLD row pointing to wrong domain folder.
    /var/www/clients/client13/web45
    not exists
    I got web82... do You think that I can fix it manually and it will fix my problem with cron/backup from https://www.howtoforge.com/community/posts/361107/
    ?
     
  16. c3n

    c3n New Member

    can I copy existing rows from ROOT server dbispconfig (multiserver) to that slave where rows WEB_DOMAIN are missing in dbispconfig for user?
    dbispconfig&table=web_domain
     
  17. c3n

    c3n New Member

    i did it and it fixed my problems with cron and backup - just added cronjob via panel and it was created on VPS server correctly
     

Share This Page