Letsencrypt and certificate entries

overflower83

Hi all,

We are using webmail.domain.tld for webmail access for our customers.
Would it be possible to have that entry added to the Let's Encrypt Certificate Entries list in any way?

Greetings,

Hans
 
Hello Hans,

There are two options:

1. add the domain into letsencrypt_list= and letsencrypt_list_selected= per the guide https://www.directadmin.com/features.php?id=1851
2. add domains into server-wide cert per this guide: https://help.directadmin.com/item.php?id=645

With the second option you may run into issues with renewing the cert later due to a user's domain having expired, moved, etc.

I added webmail to the letsencrypt_list and checked webmail when creating the certificate, but when I access https://webmail.domain.tld I'm still getting an SSL error due to use of the server's certificate instead of the domain's. Why doesn't httpd use the correct SSL certificate?

Also, DirectAdmin's guide to create the webmail subdomain doesn't create a virtualhost for port 443. Is that guide outdated? Should I add an entry for port 443?
 
Yes, you should add a virtualhost for port 443. It will be tricky, if you have domains without SSL certs. Apache might fail to start if it does not find cert/key files. So you need to use tokens from the main virtual hosts for file locations:

Code:
        SSLEngine on
        SSLCertificateFile |CERT|
        SSLCertificateKeyFile |KEY|
        |CAROOT|

And be ready to see some warnings about wrong domains in a cert, in the case where your cert does not have a SAN for the webmail domain.
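
A check for the situation in the last two posts, added here as an example and not part of the thread: whether a certificate file actually carries a SAN for the webmail host. It assumes OpenSSL 1.1.1 or later; the function names, temporary files and throwaway self-signed certificates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes OpenSSL 1.1.1 or later.
# Function names and file names are hypothetical.

# cert_covers_host CERT_PEM HOSTNAME
# Succeeds when the certificate matches HOSTNAME under the rules a TLS
# client applies (SAN dNSName entries, including wildcards).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# list_sans CERT_PEM: print the SAN extension to diagnose a mismatch.
list_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null
}

# make_constructed_cert OUT_PEM SAN_LIST
# Writes a throwaway self-signed certificate (constructed sample input,
# standing in for the issued certificate) with the given SAN list.
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1" -subj "/CN=domain.tld" \
        -addext "subjectAltName=$2" 2>/dev/null || return 1
    rm -f "$1.key"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Certificate as issued without the webmail entry selected.
    make_constructed_cert "$dir/before.pem" "DNS:domain.tld,DNS:www.domain.tld"
    # Certificate reissued with webmail selected.
    make_constructed_cert "$dir/after.pem" \
        "DNS:domain.tld,DNS:www.domain.tld,DNS:webmail.domain.tld"
    for c in before after; do
        if cert_covers_host "$dir/$c.pem" webmail.domain.tld; then
            echo "$c.pem: covers webmail.domain.tld"
        else
            echo "$c.pem: no SAN for webmail.domain.tld"
            list_sans "$dir/$c.pem"
        fi
    done
    rm -rf "$dir"
}
demo
```

On a server, run `cert_covers_host` against the certificate file the port 443 virtual host points at; if it reports no match, the certificate needs reissuing with the webmail entry selected before the virtual host can serve it without a name warning.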
 