Free & automatic certificate from Let's Encrypt

grynge

I can't seem to add SSL certificates for subdomains ns1 and ns2 (nameserver subdomains).

I was wondering if there is a way to add subdomains to the "Let's Encrypt Certificate Entries"
in DirectAdmin. It has ftp, smtp, www, etc., but I would like to add ns1 and ns2 to it.

But then they have different IPs from the existing domain/subdomains.

I tried looking online but couldn't see how to add any new subdomains to it or even if I should add them to it.
Any help would be very appreciated.
 
ns1 and ns2 are not used as subdomains but as nameserver hostnames; that could be the reason they are not displayed in DA itself.

Edit: Forget the rest I wrote before. There is probably a reason for this. I wouldn't know why you should use SSL for nameservers.
Unless they are real server hostnames; in that case you could use this:
https://help.directadmin.com/item.php?id=629
 
Thanks Richard for your help and quick response, much appreciated.

I figured everything needed SSL certificates. Looking into it, I guess encrypting the IP to the requester isn't really necessary.
 
You're welcome.
If you're an admin, the server hostname could do with a certificate.
For the rest, only the domain name and things like ftp, smtp, www, etc., but you can use the wildcard for that.

The nameservers only translate IPs to domain names (v.v.) but do not really set up a connection; the webserver or mailserver or FTP etc. does that, so they could need SSL to create a secure connection.
 
That's not true. DNS sets up a connection too and it is not unreasonable to protect this with SSL. DNS is one of the weakest protocols of the internet.

DNS over HTTPS is an experimental feature in some browsers. However, it's not yet aimed at the 'local' DNS server you and we are hosting through DirectAdmin and the like. It's focussing on resolvers, the servers most likely offered by your provider to you as its public DNS servers.
 
I didn't say it did not set up a connection, I said it did not really set up a connection (so like the mentioned servers do).

How is DNS setting up a real connection then? It only points to domain names where the connection is made by the daemons running there, as far as I know.
The connection (imho) is that the user connects to the nameserver to ask for a translation, which the resolver DNS provides. It's kind of like a connection, but not like with mail or FTP imho.

I heard about DNS over HTTPS for increased security, but that's to protect the DNS so hackers can't see which domain is looked up and reroute traffic (man-in-the-middle attack). Which is indeed not unreasonable, but still not widely available and still experimental, so it does not count at this moment.

DNS still does not make any connection itself. However it's part of the route the user takes and it's indeed one of the weakest protocols which would need improvement.

So it's true what I said at this moment. In the future it will hopefully be better. Correct?
 
@Richard G DNS over HTTPS is for resolvers (recursive DNS).
But the DNS servers you manage by means of DA are authoritative, not resolvers (even if they could be configured in order to be also recursive, but it's useless and a mess ...)
 
Yep I understood that already. See my last line I wrote. But recursive is also DNS.

I'm also using DNSSEC. I only pointed out that this was probably what TS meant. Not on what DA is using.
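
Added example, not part of any post in this thread: a small Python decoder for the DNS header that shows the question name travelling in clear text and uses the AA and RA flag bits to tell an authoritative server from a recursive resolver, the distinction the posts above turn on. The messages are constructed inline, `example.com` is a placeholder zone, and all function names are hypothetical.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits

def encode_name(name):
    """Encode a hostname as length-prefixed DNS labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_message(txid, flags, qname, qtype=1):
    """Build a minimal DNS message: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def parse_message(data):
    """Return the header flags and question name of a DNS message."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, qdcount = struct.unpack("!HHH", data[:6])
    labels, pos = [], 12
    while qdcount:
        if pos >= len(data):
            raise ValueError("truncated question name")
        length = data[pos]
        if length == 0:
            break
        if length > 63 or pos + 1 + length > len(data):
            raise ValueError("malformed label in question")
        labels.append(data[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return {"qname": ".".join(labels), "response": bool(flags & QR),
            "aa": bool(flags & AA), "rd": bool(flags & RD), "ra": bool(flags & RA)}

def classify_server(reply):
    """Classify the answering server's role from the AA and RA bits."""
    info = parse_message(reply)
    if not info["response"]:
        raise ValueError("not a DNS response")
    if info["aa"] and info["ra"]:
        return "authoritative with recursion enabled"
    if info["aa"]:
        return "authoritative only"
    return "recursive resolver" if info["ra"] else "unknown"

# Constructed sample messages (not captured traffic).
QUERY = build_message(0x1A2B, RD, "ns1.example.com")
AUTH_REPLY = build_message(0x1A2B, QR | AA | RD, "ns1.example.com")
RESOLVER_REPLY = build_message(0x1A2B, QR | RD | RA, "ns1.example.com")
MIXED_REPLY = build_message(0x1A2B, QR | AA | RD | RA, "ns1.example.com")
```

The AA bit is only set for names in a zone the server actually hosts, so a real check should query a name the nameserver is expected to be authoritative for.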
 