Results 1 to 6 of 6

Thread: Free & automatic certificate from Let's Encrypt

  1. #1
    Join Date
    Sep 2014
    Posts
    10

    Free & automatic certificate from Let's Encrypt

    I can't seem to add SSL certificates for subdomains ns1 and ns2 (nameserver subdomains)

    I was wondering if there is a way to add subdomains to the "Let's Encrypt Certificate Entries"
    in Directadmin it has ftp, smtp, www etc.. but I would like to add ns1. and ns2 to it.

    But then they have different ip's to the existing domain/subdomains

    I tried looking online but couldn't see how to add any new subdomains to it or even if I should add them to it.
    Any help would be very appreciated.

  2. #2
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    3,549
    ns1 and ns2 are not used as subdomains but as nameserver hostnames, that could be the reason they are not displayed in DA itself.

    Edit: Forget the rest I wrote before. There is probably a reason for this. I wouldn't know why you should use ssl for nameservers.
    Unless they are real server hostnames, in that case you could use this:
    https://help.directadmin.com/item.php?id=629
    Last edited by Richard G; 09-05-2018 at 07:43 AM.
    Greetings, Richard.

  3. #3
    Join Date
    Sep 2014
    Posts
    10
    Thanks Richard for your help and quick response, much appreciated.

    I figured everything needed SSL certificates. Looking into it, I guess encrypting the IP to the requester isn't really necessary.

  4. #4
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    3,549
    You're welcome.
    If you're an admin, the server hostname could do with a certificate.
    For the rest, only domain name and things like ftp, smtp, www, etc. but you can use the wildcard for that.

    The nameservers only translate ip's to domain names (v.v.) but do not really set up a connection, that does the webserver or mailserver or ftp etc. etc. so they could need ssl to create a secure connection.
    Greetings, Richard.

  5. #5
    Join Date
    Sep 2005
    Posts
    372
    That's not true. DNS sets up a connection too and it is not unreasonable to protect this with SSL. DNS is one of the weakest protocols of the internet.

    DNS over HTTPS is an experimental feature in some browsers. However, it's not yet aimed at the 'local' DNS server you and we are hosting through DirectAdmin and sorts. It's focussing on resolvers, the servers most likely offered by your provider to you as its public DNS servers.

  6. #6
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    3,549
    I didn't say it did not set up a connection, I said it did not really set up a connection (so like the mentioned servers do).

    How is DNS setting up a real connection then? It only points to domain names where the connection is made by the daemons running there as far as i know.
    The connection (imho) is that the user connects to the nameserver to ask for a translation, which the resolver dns provides. It's kind like a connection, but not like with mail or ftp imho.

    I heard about DNS over HTTPS for increased security, but that's to protect the DNS so hackers can't look which domain is looked up and reroute traffice (man in middle attack). Which is indeed not unreasonable but still not widely available and still experimental, so it does not count at this moment.

    DNS still does not make any connection itself. However it's part of the route the user takes and it's indeed one of the weakest protocols which would need improvement.

    So it's true what I said at this moment. In the future it will hopefully be better. Correct?
    Greetings, Richard.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •